Vulnerabilities > CVE-2006-0686 - Input Validation And Access Validation vulnerability in Virtual Hosting Control System
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
add_user.php in Virtual Hosting Control System (VHCS) 2.4.7.1 and earlier does not check user privileges when adding a new administrative user, which allows remote attackers to gain unauthorized access.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
References
- http://secunia.com/advisories/18799
- http://securityreason.com/securityalert/430
- http://www.rs-labs.com/adv/RS-Labs-Advisory-2006-1.txt
- http://www.securityfocus.com/archive/1/424816/100/0/threaded
- http://www.securityfocus.com/bid/16600
- http://www.vupen.com/english/advisories/2006/0534
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24667