Vulnerabilities > CVE-2006-2946 - Remote Security vulnerability in Dmx Forum

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

dmx-forum

exploit available

NVD

Published: 2006-06-12

Updated: 2011-03-08

Summary

Dmx Forum 2.1a stores _includes/bd.inc under the web root with insufficient access control, which allows remote attackers to obtain database username and password information.

Vulnerable Configurations

Part	Description	Count
Application	Dmx_Forum DMX Forum DMX Forum *	1

Exploit-Db

description	Dmx Forum <= 2.1a (edit.php) Remote Password Disclosure Exploit. CVE-2006-2946,CVE-2006-2947. Webapps exploit for php platform
id	EDB-ID:1882
last seen	2016-01-31
modified	2006-06-05
published	2006-06-05
reporter	DarkFig
source	https://www.exploit-db.com/download/1882/
title	Dmx Forum <= 2.1a edit.php Remote Password Disclosure Exploit

References

http://archives.neohapsis.com/archives/bugtraq/2006-05/0799.html
http://secunia.com/advisories/20450
http://www.vupen.com/english/advisories/2006/2154