ID CVE-2006-4427
Summary index.php in eFiction before 2.0.7 allows remote attackers to bypass authentication and gain privileges by setting the (1) adminloggedin, (2) loggedin, and (3) level parameters to "1".
References
Vulnerable Configurations
  • cpe:2.3:a:efiction:efiction:1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:efiction:efiction:1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:efiction:efiction:2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:efiction:efiction:2.0.6:*:*:*:*:*:*:*
CVSS
Base: 5.1 (as of 19-10-2017 - 01:29)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: NETWORK
Complexity: HIGH
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
cvss-vector via4 AV:N/AC:H/Au:N/C:P/I:P/A:P
refmap via4
bid 19717
confirm http://efiction.org/forums/index.php?topic=3698
exploit-db 2255
osvdb 28237
secunia 21625
vupen ADV-2006-3392
xf efiction-admin-security-bypass(28595)
Last major update 19-10-2017 - 01:29
Published 29-08-2006 - 00:04
Last modified 19-10-2017 - 01:29