CVE-2006-0182 : login.php in ACal Calendar Project 2.2.5 allows remote attackers to bypass authe

login.php in ACal Calendar Project 2.2.5 allows remote attackers to bypass authentication by setting the ACalAuthenticate cookie variable to "inside".

Published 2006-01-12 06:02:00

Updated 2025-04-03 01:03:51

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2006-0182

Acal » Calendar Project » Version: 2.2.5
cpe:2.3:a:acal:calendar_project:2.2.5:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2006-0182

EPSS FAQ

0.98%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 75 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2006-0182

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

References for CVE-2006-0182

http://evuln.com/vulns/25/summary.html

Vendor Advisory

CVEs referencing this url
http://secunia.com/advisories/18432

CVEs referencing this url
http://www.osvdb.org/22344
http://securityreason.com/securityalert/343

CVEs referencing this url
http://www.vupen.com/english/advisories/2006/0152

CVEs referencing this url
https://exchange.xforce.ibmcloud.com/vulnerabilities/24104
http://www.securityfocus.com/archive/1/421744/100/0/threaded

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2006-0182

Products affected by CVE-2006-0182

Exploit prediction scoring system (EPSS) score for CVE-2006-0182

CVSS scores for CVE-2006-0182

References for CVE-2006-0182