Vulnerabilities > CVE-2006-3837 - Remote Security vulnerability in Professional Home Page Tools Guestbook

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

low complexity

professional-home-page-tools

NVD

Published: 2006-07-25

Updated: 2018-10-17

Summary

delcookie.php in Professional Home Page Tools Guestbook changes the expiration date of a cookie instead of deleting the cookie's value, which makes it easier for attackers to steal the cookie and obtain the administrator's password hash after logout.

Vulnerable Configurations

Part	Description	Count
Application	Professional_Home_Page_Tools Professional Home Page Tools Professional Home Page Tools Guestbook *	1

References

http://artemis.abenteuer-mittelerde.de/pub/adv02-phptgb.txt
http://secunia.com/advisories/21102
http://securityreason.com/securityalert/1275
http://www.securityfocus.com/archive/1/440421/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/27775