Vulnerabilities > CVE-2006-5737 - Cross-Site Request Forgery vulnerability in Punbb 1.2.14

CVSS 7.2 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

low complexity

punbb

NVD

Published: 2006-11-06

Updated: 2018-10-17

Summary

PunBB uses a predictable cookie_seed value that can be derived from the time of registration of the superadmin account (installation time), which might allow local users to perform unauthorized actions.

Vulnerable Configurations

Part	Description	Count
Application	Punbb Punbb Punbb 1.2.14	1

References

http://securitytracker.com/id?1017131
http://www.osvdb.org/30134
http://www.securityfocus.com/archive/1/450055/100/0/threaded
http://www.wargan.org/index.php/2006/10/29/4-punbb-1213-multiple-vulnerabilities