Vulnerabilities > CVE-2006-2807 - Authentication Bypass vulnerability in Speedy Asp Discussion Forum

CVSS 10.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

aspwebsoft

critical

exploit available

NVD

Published: 2006-06-05

Updated: 2018-10-18

Summary

ASPwebSoft Speedy Asp Discussion Forum allows remote attackers to change the password of any account via a modified account id and possibly arbitrary values of the name, email, country, password, and passwordre parameters to profileupdate.asp.

Vulnerable Configurations

Part	Description	Count
Application	Aspwebsoft Aspwebsoft Speedy ASP Discussion Forum *	1

Exploit-Db

description	Speedy ASP Forum (profileupdate.asp) User Pass Change Exploit. CVE-2006-2807. Webapps exploit for asp platform
id	EDB-ID:1849
last seen	2016-01-31
modified	2006-05-29
published	2006-05-29
reporter	ajann
source	https://www.exploit-db.com/download/1849/
title	Speedy ASP Forum profileupdate.asp User Pass Change Exploit

Summary

Vulnerable Configurations

Exploit-Db

References