Vulnerability Details : CVE-2006-5729
Yazd Discussion Forum before 3.0 beta does not properly manage forum permissions, which allows remote authenticated users to (1) reply to a message in an arbitrary forum, if authorized to create a message in any forum; and (2) perform certain unauthorized forum actions, related to an "error in how the permissions were assembled" that assigns extra permissions to users.
Products affected by CVE-2006-5729
- cpe:2.3:a:yazd:yazd_discussion_forum:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:yazd:yazd_discussion_forum:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:yazd:yazd_discussion_forum:2.1:*:*:*:*:*:*:*
- cpe:2.3:a:yazd:yazd_discussion_forum:2.4:*:*:*:*:*:*:*
- cpe:2.3:a:yazd:yazd_discussion_forum:2.2:*:*:*:*:*:*:*
- cpe:2.3:a:yazd:yazd_discussion_forum:2.3:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2006-5729
- 0.46%: Probability of exploitation activity in the next 30 days
- ~ 61%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2006-5729
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P | 8.0 | 6.4 | NIST | |
References for CVE-2006-5729
- http://www.securityfocus.com/bid/20889 [Patch]
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29996 (Yazd Discussion Forum messages security bypass CVE-2006-5729 Vulnerability Report)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29994
- http://secunia.com/advisories/22690 (About Secunia Research | Flexera) [Patch; Vendor Advisory]
- http://sourceforge.net/project/shownotes.php?group_id=39239&release_id=460547 (Yazd Discussion Forum Software download | SourceForge.net) [Patch]