// For flags

CVE-2006-6449

 

Severity Score

7.5
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Vt-Forum Lite 1.3 and earlier store sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/forum.mdb. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.

Vt-Forum Lite 1.3 y anteriores, almacenan información sensible bajo el web root con control de acceso insuficiente, lo cual permite a un atacante remoto descargar una base de datos a través de respuesta directa para db/forum.mdb. NOTA: la procedencia de esta información es desconocida; los detalles han sido obtenidos a partir de la información de terceros.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2006-12-10 CVE Reserved
  • 2006-12-10 CVE Published
  • 2024-08-07 CVE Updated
  • 2024-08-15 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Vt-forum
Search vendor "Vt-forum"
 Vt-forum Lite
Search vendor "Vt-forum" for product "Vt-forum Lite"
 1.3
Search vendor "Vt-forum" for product "Vt-forum Lite" and version "1.3"
-
Affected