Vulnerability Description
PunBB uses a predictable cookie_seed value that can be derived from the time of registration of the superadmin account (installation time), which might allow local users to perform unauthorized actions.
CVSS Score
7.2
HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Punbb | Punbb | 1.2.14 |
References
- http://securitytracker.com/id?1017131
- http://www.osvdb.org/30134
- http://www.securityfocus.com/archive/1/450055/100/0/threaded
- http://www.wargan.org/index.php/2006/10/29/4-punbb-1213-multiple-vulnerabilities
- http://securitytracker.com/id?1017131
- http://www.osvdb.org/30134
- http://www.securityfocus.com/archive/1/450055/100/0/threaded
- http://www.wargan.org/index.php/2006/10/29/4-punbb-1213-multiple-vulnerabilities
FAQ
What is CVE-2006-5737?
CVE-2006-5737 is a vulnerability with a CVSS score of 7.2 (HIGH). PunBB uses a predictable cookie_seed value that can be derived from the time of registration of the superadmin account (installation time), which might allow local users to perform unauthorized action...
How severe is CVE-2006-5737?
CVE-2006-5737 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-5737?
Check the references section above for vendor advisories and patch information. Affected products include: Punbb Punbb.