5.1

CVE-2006-2942

TWiki 4.0.0, 4.0.1, and 4.0.2 allows remote attackers to gain Twiki administrator privileges via a TWiki.TWikiRegistration form with a modified action attribute that references the Sandbox web instead of the user web, which can then be used to associate the user's login name with the WikiName of a member of the TWikiAdminGroup.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
TwikiTwiki Version4.0.0
TwikiTwiki Version4.0.1
TwikiTwiki Version4.0.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.55% 0.717
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.1 4.9 6.4
AV:N/AC:H/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://archives.neohapsis.com/archives/vulnwatch/2006-q2/0032.html
http://secunia.com/advisories/20596
Patch
Vendor Advisory
http://securitytracker.com/id?1016323
Patch
http://twiki.org/cgi-bin/view/Codev/SecurityAlertTWiki4PrivilegeElevation
Patch
Vendor Advisory
http://www.osvdb.org/26623
http://www.securityfocus.com/bid/18506
Patch
http://www.vupen.com/english/advisories/2006/2415
https://exchange.xforce.ibmcloud.com/vulnerabilities/27336