Vulnerabilities > CVE-2006-2942 - Unspecified vulnerability in Twiki 4.0.0/4.0.1/4.0.2
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
TWiki 4.0.0, 4.0.1, and 4.0.2 allows remote attackers to gain Twiki administrator privileges via a TWiki.TWikiRegistration form with a modified action attribute that references the Sandbox web instead of the user web, which can then be used to associate the user's login name with the WikiName of a member of the TWikiAdminGroup.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 3 |
References
- http://archives.neohapsis.com/archives/vulnwatch/2006-q2/0032.html
- http://archives.neohapsis.com/archives/vulnwatch/2006-q2/0032.html
- http://secunia.com/advisories/20596
- http://secunia.com/advisories/20596
- http://securitytracker.com/id?1016323
- http://securitytracker.com/id?1016323
- http://twiki.org/cgi-bin/view/Codev/SecurityAlertTWiki4PrivilegeElevation
- http://twiki.org/cgi-bin/view/Codev/SecurityAlertTWiki4PrivilegeElevation
- http://www.osvdb.org/26623
- http://www.osvdb.org/26623
- http://www.securityfocus.com/bid/18506
- http://www.securityfocus.com/bid/18506
- http://www.vupen.com/english/advisories/2006/2415
- http://www.vupen.com/english/advisories/2006/2415
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27336
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27336