CVE-2006-4078 : pm.php (aka the PM system) in DeluxeBB 1.08, and possibly earlier, allows remote

pm.php (aka the PM system) in DeluxeBB 1.08, and possibly earlier, allows remote attackers to bypass authentication by providing an arbitrary username in the membercookie cookie parameter.

Published 2006-08-11 01:04:00

Updated 2025-04-03 01:03:51

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2006-4078

Deluxebb » Deluxebb » Version: 1.08
cpe:2.3:a:deluxebb:deluxebb:1.08:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2006-4078

EPSS FAQ

0.94%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 62 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2006-4078

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

References for CVE-2006-4078

http://securityreason.com/securityalert/1381

CVEs referencing this url
http://www.securityfocus.com/archive/1/442464/100/0/threaded

CVEs referencing this url
http://www.vupen.com/english/advisories/2006/3188
http://www.securityfocus.com/bid/19418
http://secunia.com/advisories/21387

Patch;Vendor Advisory
http://www.osvdb.org/27834
https://exchange.xforce.ibmcloud.com/vulnerabilities/28270

Jump to

Vulnerability Details : CVE-2006-4078

Products affected by CVE-2006-4078

Exploit prediction scoring system (EPSS) score for CVE-2006-4078

CVSS scores for CVE-2006-4078

References for CVE-2006-4078