Vulnerabilities > CVE-2006-2896 - Security Bypass vulnerability in Funkboard Cf0.71
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
profile.php in FunkBoard CF0.71 allows remote attackers to change arbitrary passwords via a modified uid hidden form field in an Edit Profile action.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description | FunkBoard CF0.71 (profile.php) Remote User Pass Change Exploit. CVE-2006-2896. Webapps exploit for php platform |
file | exploits/php/webapps/1875.html |
id | EDB-ID:1875 |
last seen | 2016-01-31 |
modified | 2006-06-04 |
platform | php |
port | |
published | 2006-06-04 |
reporter | ajann |
source | https://www.exploit-db.com/download/1875/ |
title | FunkBoard CF0.71 profile.php Remote User Pass Change Exploit |
type | webapps |
References
- http://secunia.com/advisories/20433
- http://securityreason.com/securityalert/1066
- http://www.funkboard.co.uk/forum/thread.php?id=302
- http://www.securityfocus.com/archive/1/435987/100/0/threaded
- http://www.vupen.com/english/advisories/2006/2158
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26912
- https://www.exploit-db.com/exploits/1875