CVE-2006-3796
Published Jul 24, 2006
Last updated 6 years ago
Overview
- Description
- DeluxeBB 1.07 and earlier does not properly handle a username composed of a single space character, which allows remote authenticated users to login as the "space" user, post as the guest user, and block the ability of an administrator to ban the "space" user.
- Source
- cve@mitre.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- NVD-CWE-Other
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:deluxebb:deluxebb:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6AEFACE5-6714-4ACF-B8D9-6F8EF554C236",
"versionEndIncluding": "1.07"
}
],
"operator": "OR"
}
]
}
]