Vulnerability Description
Cross-site request forgery (CSRF) vulnerability in The Address Book 1.04e allows remote attackers to perform unauthorized actions as other users via unspecified vectors, as demonstrated by deleting arbitrary users via the id parameter in a deleteuser action in users.php.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| The Address Book | The Address Book | 1.04e |
References
- http://osvdb.org/32559
- http://secunia.com/advisories/21694ExploitVendor Advisory
- http://secunia.com/secunia_research/2006-76/advisory/ExploitVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/31251
- http://osvdb.org/32559
- http://secunia.com/advisories/21694ExploitVendor Advisory
- http://secunia.com/secunia_research/2006-76/advisory/ExploitVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/31251
FAQ
What is CVE-2006-4582?
CVE-2006-4582 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Cross-site request forgery (CSRF) vulnerability in The Address Book 1.04e allows remote attackers to perform unauthorized actions as other users via unspecified vectors, as demonstrated by deleting ar...
How severe is CVE-2006-4582?
CVE-2006-4582 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-4582?
Check the references section above for vendor advisories and patch information. Affected products include: The Address Book The Address Book.