CVE-2006-4582

Cross-site request forgery (CSRF) vulnerability in The Address Book 1.04e allows remote attackers to perform unauthorized actions as other users via unspecified vectors, as demonstrated by deleting arbitrary users via the id parameter in a deleteuser action in users.php.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://osvdb.org/32559
http://secunia.com/advisories/21694	Exploit Vendor Advisory
http://secunia.com/secunia_research/2006-76/advisory/	Exploit Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/31251

Configurations

Configuration 1 (hide)

cpe:2.3:a:the_address_book:the_address_book:1.04e:*:*:*:*:*:*:*

History

No history.

Information

Published : 2006-12-31 05:00

Updated : 2017-07-20 01:33

NVD link : CVE-2006-4582

Mitre link : CVE-2006-4582

CVE.ORG link : CVE-2006-4582

JSON object : View

Products Affected

the_address_book

the_address_book

CWE

NVD-CWE-Other

{"id": "CVE-2006-4582", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2006-12-31T05:00:00.000", "references": [{"url": "http://osvdb.org/32559", "source": "PSIRT-CNA@flexerasoftware.com"}, {"url": "http://secunia.com/advisories/21694", "tags": ["Exploit", "Vendor Advisory"], "source": "PSIRT-CNA@flexerasoftware.com"}, {"url": "http://secunia.com/secunia_research/2006-76/advisory/", "tags": ["Exploit", "Vendor Advisory"], "source": "PSIRT-CNA@flexerasoftware.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31251", "source": "PSIRT-CNA@flexerasoftware.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in The Address Book 1.04e allows remote attackers to perform unauthorized actions as other users via unspecified vectors, as demonstrated by deleting arbitrary users via the id parameter in a deleteuser action in users.php."}, {"lang": "es", "value": "Vulnerabilidad en la falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en el Address Book 1.04e permite a atacantes remotos la realizaci\u00f3n de acciones no autorizadas, como otros usuarios, mediante vectores sin especificar, como lo demostrado mediante el borrado de usuarios de nuestra elecci\u00f3n a trav\u00e9s del par\u00e1metro id en la acci\u00f3n deleteuser en el users.php."}], "lastModified": "2017-07-20T01:33:11.557", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:the_address_book:the_address_book:1.04e:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "987F84E0-1A6B-484B-B973-9AE2E3ADB435"}], "operator": "OR"}]}], "sourceIdentifier": "PSIRT-CNA@flexerasoftware.com"}