Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 5.0
CVE Id: CVE-2006-3479
Last Modified: 07 Mar 2011 09:38:43
Published: 10 Jul 2006 04:05:00
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2006-3479

Summary

Cross-site request forgery (CSRF) vulnerability in the del_block function in modules/Admin/block.php in Nuked-Klan 1.7.5 and earlier and 1.7 SP4.2 allows remote attackers to delete arbitrary "blocks" via a link with a modified bid parameter in a del_block op on the block page in index.php.

Vulnerable Systems

Application

  • Nuked-Klan 1.7 SP4.2
  • Nuked-Klan 1.7.5


References

XF - nukedklan-delblock-csrf(27490)

VUPEN - ADV-2006-2615

BUGTRAQ - 20060629 CSRF in Nuked Klan 1.7 SP4.2

SECUNIA - 20898

SREASON - 1205


Last Updated: 27 May 2016 10:43:02