CVE-2006-2942
Severity Score
5.1
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
TWiki 4.0.0, 4.0.1, and 4.0.2 allows remote attackers to gain Twiki administrator privileges via a TWiki.TWikiRegistration form with a modified action attribute that references the Sandbox web instead of the user web, which can then be used to associate the user's login name with the WikiName of a member of the TWikiAdminGroup.
TWiki 4.0.0, 4.0.1 y 4.0.2 permite a atacantes remotos obtener privielgios de administrador de Twiki a través de un formulario TWiki.TWikiRegistration con un atributo de acción modificado que hace referencia a la Sandbox web en lugar de la user web, lo que puede ser utilizado para asociar el nombre de inicio de sesión de un usuario con el WikiName de un miembro de TWikiAdminGroup.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2006-06-12 CVE Reserved
- 2006-06-20 CVE Published
- 2023-08-16 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (8)
| URL | Tag | Source |
|---|---|---|
| http://archives.neohapsis.com/archives/vulnwatch/2006-q2/0032.html | Mailing List | |
| http://www.osvdb.org/26623 | Vdb Entry | |
| http://www.vupen.com/english/advisories/2006/2415 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/27336 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/20596 | 2017-07-20 | |
| http://securitytracker.com/id?1016323 | 2017-07-20 | |
| http://twiki.org/cgi-bin/view/Codev/SecurityAlertTWiki4PrivilegeElevation | 2017-07-20 | |
| http://www.securityfocus.com/bid/18506 | 2017-07-20 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Twiki Search vendor "Twiki" | Twiki Search vendor "Twiki" for product "Twiki" | 4.0.0 Search vendor "Twiki" for product "Twiki" and version "4.0.0" | - |
Affected
| ||||||
| Twiki Search vendor "Twiki" | Twiki Search vendor "Twiki" for product "Twiki" | 4.0.1 Search vendor "Twiki" for product "Twiki" and version "4.0.1" | - |
Affected
| ||||||
| Twiki Search vendor "Twiki" | Twiki Search vendor "Twiki" for product "Twiki" | 4.0.2 Search vendor "Twiki" for product "Twiki" and version "4.0.2" | - |
Affected
| ||||||