CVE-2006-3479 - Cross-site request forgery (CSRF) vulnerability in the del_block function in modules/Admin/block.php

CVE-2006-3479

Summary

Cross-site request forgery (CSRF) vulnerability in the del_block function in modules/Admin/block.php in Nuked-Klan 1.7.5 and earlier and 1.7 SP4.2 allows remote attackers to delete arbitrary "blocks" via a link with a modified bid parameter in a del_block op on the block page in index.php. Upgrade to Nuked-Klan version 1.7.6 or 1.7 SP4.3

References

Vulnerable Configurations

cpe:2.3:a:nuked-klan:nuked-klan:*:*:*:*:*:*:*:*
cpe:2.3:a:nuked-klan:nuked-klan:*:*:*:*:*:*:*:*
cpe:2.3:a:nuked-klan:nuked-klan:1.7_sp4.2:*:*:*:*:*:*:*
cpe:2.3:a:nuked-klan:nuked-klan:1.7_sp4.2:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 20-07-2017 - 01:32)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:P/A:N

refmap via4

bugtraq	20060629 CSRF in Nuked Klan 1.7 SP4.2
secunia	20898
sreason	1205
vupen	ADV-2006-2615
xf	nukedklan-delblock-csrf(27490)

Last major update

20-07-2017 - 01:32

Published

10-07-2006 - 20:05

Last modified

20-07-2017 - 01:32