Vulnerability Description
DeluxeBB 1.07 and earlier allows remote attackers to overwrite the (1) _GET, (2) _POST, (3) _ENV, and (4) _SERVER variables via the _COOKIE (aka COOKIE) variable, which can overwrite the other variables during an extract function call, probably leading to multiple security vulnerabilities, aka "pollution of the global namespace."
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Deluxebb | Deluxebb | 1.05 |
References
- http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047989.html
- http://securityreason.com/securityalert/1254
- http://www.securityfocus.com/archive/1/440435/100/0/threaded
- http://www.securityfocus.com/bid/19052
FAQ
What is CVE-2006-3798?
CVE-2006-3798 is a vulnerability with a CVSS score of 5.0 (MEDIUM). DeluxeBB 1.07 and earlier allows remote attackers to overwrite the (1) _GET, (2) _POST, (3) _ENV, and (4) _SERVER variables via the _COOKIE (aka COOKIE) variable, which can overwrite the other variabl...
How severe is CVE-2006-3798?
CVE-2006-3798 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2006-3798?
Check the references section above for vendor advisories and patch information. Affected products include: Deluxebb Deluxebb.