Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 5.1
CVE Id CVE-2006-3772
Last Modified 07 Mar 2011 09:39:28
Published 24 Jul 2006 08:19:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2006-3772

Summary

PHP-Post 0.21 and 1.0, and possibly earlier versions, when auto-login is enabled, allows remote attackers to bypass security restrictions and obtain administrative privileges by modifying the logincookie[user] setting in the login cookie.

Vulnerable Systems

Application

  • Php-post 0.21
  • Php-post 1.0

References

XF - phppost-cookie-privilege-escalation(27862)

VUPEN - ADV-2006-2877

BID - 19046

BUGTRAQ - 20060718 [KAPDA::#52] - PHP-Post 1.0 Cookie Modification Privilege Escalation Vulnerability

MISC - http://www.kapda.ir/advisory-380.html

SECUNIA - 21115

SREASON - 1264

MILW0RM - 2036


Last Updated: 27 May 2016 10:43:06