CVE-2006-4584 - SQL Injection And Authentication Bypass vulnerability in TR Forum TR Forum 2.0
Metric | Value |
---|---|
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | PARTIAL |
Availability impact | PARTIAL |

Summary
Tr Forum 2.0 allows remote attackers to bypass authentication and add an administrative account via the login and password parameters to admin/insert_admin.php.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Exploit-Db
- description: Tr Forum 2.0 SQL Injection / Bypass Security Restriction Exploit. CVE-2006-4584,CVE-2006-4586. Webapps exploit for php platform
- file: exploits/php/webapps/2297.pl
- id: EDB-ID:2297
- last seen: 2016-01-31
- modified: 2006-09-04
- platform: php
- port:
- published: 2006-09-04
- reporter: DarkFig
- source: https://www.exploit-db.com/download/2297/
- title: Tr Forum 2.0 - SQL Injection / Bypass Security Restriction Exploit
- type: webapps

- description: TR Forum 1.5 insert admin CSRF Vulnerability. CVE-2006-4584. Webapps exploit for php platform
- id: EDB-ID:12385
- last seen: 2016-02-01
- modified: 2010-04-25
- published: 2010-04-25
- reporter: EL-KAHINA
- source: https://www.exploit-db.com/download/12385/
- title: TR Forum 1.5 - Insert Admin CSRF Vulnerability
References
- http://acid-root.new.fr/poc/10060903.txt
- http://secunia.com/advisories/21754
- http://securityreason.com/securityalert/1508
- http://securitytracker.com/id?1016788
- http://www.osvdb.org/28544
- http://www.securityfocus.com/archive/1/445079/100/0/threaded
- http://www.securityfocus.com/bid/19834
- http://www.vupen.com/english/advisories/2006/3452
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28754
- https://www.exploit-db.com/exploits/2297