ID CVE-2006-4048
Summary Netious CMS 0.4 initializes session IDs based on the client IP address, which allows remote attackers to gain access to the administration section when originating from the same IP address as the administrator. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
References
Vulnerable Configurations
  • cpe:2.3:a:netious_cms:netious_cms:0.4:*:*:*:*:*:*:*
    cpe:2.3:a:netious_cms:netious_cms:0.4:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 20-07-2017 - 01:32)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 19421
osvdb 27789
secunia 21347
vupen ADV-2006-3167
xf netiouscms-sessionmgmt-session-hijacking(28264)
Last major update 20-07-2017 - 01:32
Published 09-08-2006 - 23:04
Last modified 20-07-2017 - 01:32
Back to Top