1. CVE-Search
  2. CVE-2006-0868
ID CVE-2006-0868
Summary Multiple unspecified injection vulnerabilities in unspecified Auth Container back ends for PEAR::Auth before 1.2.4, and 1.3.x before 1.3.0r4, allow remote attackers to "falsify authentication credentials," related to the "underlying storage containers."
References
Vulnerable Configurations
  • cpe:2.3:a:pear:xml_rpc:1.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:pear:xml_rpc:1.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:pear:xml_rpc:1.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:pear:xml_rpc:1.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:pear:xml_rpc:1.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:pear:xml_rpc:1.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:pear:xml_rpc:1.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:pear:xml_rpc:1.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:pear:xml_rpc:1.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:pear:xml_rpc:1.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:pear:xml_rpc:1.2.0rc1:*:*:*:*:*:*:*
    cpe:2.3:a:pear:xml_rpc:1.2.0rc1:*:*:*:*:*:*:*
  • cpe:2.3:a:pear:xml_rpc:1.2.0rc2:*:*:*:*:*:*:*
    cpe:2.3:a:pear:xml_rpc:1.2.0rc2:*:*:*:*:*:*:*
  • cpe:2.3:a:pear:xml_rpc:1.2.0rc3:*:*:*:*:*:*:*
    cpe:2.3:a:pear:xml_rpc:1.2.0rc3:*:*:*:*:*:*:*
  • cpe:2.3:a:pear:xml_rpc:1.2.0rc4:*:*:*:*:*:*:*
    cpe:2.3:a:pear:xml_rpc:1.2.0rc4:*:*:*:*:*:*:*
  • cpe:2.3:a:pear:xml_rpc:1.2.0rc5:*:*:*:*:*:*:*
    cpe:2.3:a:pear:xml_rpc:1.2.0rc5:*:*:*:*:*:*:*
  • cpe:2.3:a:pear:xml_rpc:1.2.0rc6:*:*:*:*:*:*:*
    cpe:2.3:a:pear:xml_rpc:1.2.0rc6:*:*:*:*:*:*:*
  • cpe:2.3:a:pear:xml_rpc:1.2.0rc7:*:*:*:*:*:*:*
    cpe:2.3:a:pear:xml_rpc:1.2.0rc7:*:*:*:*:*:*:*
  • cpe:2.3:a:pear:xml_rpc:1.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:pear:xml_rpc:1.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:pear:xml_rpc:1.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:pear:xml_rpc:1.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:pear:xml_rpc:1.3.0rc1:*:*:*:*:*:*:*
    cpe:2.3:a:pear:xml_rpc:1.3.0rc1:*:*:*:*:*:*:*
  • cpe:2.3:a:pear:xml_rpc:1.3.0rc2:*:*:*:*:*:*:*
    cpe:2.3:a:pear:xml_rpc:1.3.0rc2:*:*:*:*:*:*:*
  • cpe:2.3:a:pear:xml_rpc:1.3.0rc3:*:*:*:*:*:*:*
    cpe:2.3:a:pear:xml_rpc:1.3.0rc3:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 18-10-2018 - 16:29)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 16758
bugtraq 20060222 Multiple Injection Vulnerabilities in PHP PEAR::Auth Module
confirm
gentoo GLSA-200603-13
sectrack 1015666
secunia
  • 19008
  • 19301
vupen ADV-2006-0696
xf auth-multiple-injections(24854)
Last major update 18-10-2018 - 16:29
Published 23-02-2006 - 23:02
Last modified 18-10-2018 - 16:29
Back to Top