CVE-2006-4585: CVE-2006-4585

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2006-4585

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

SQL injection vulnerability in admin/editer.php in Tr Forum 2.0 allows remote authenticated users to execute arbitrary SQL commands via the id2 parameter. NOTE: this can be leveraged with other Tr Forum vulnerabilities to allow unauthenticated attackers to gain privileges.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

TR Forum SQL注入及认证绕过漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Tr Forum是一款法语的论坛程序。 Tr Forum中的多个漏洞允许恶意用户执行SQL注入攻击和绕过某些安全限制。 1) admin/insert_admin.php文件中缺少认证，允许创建拥有有限权限的管理员帐号。 2) 没有正确过滤对admin/editer.php文件中id2参数的输入，允许攻击者通过注入任意SQL代码操控SQL查询。成功攻击要求某些管理权限。 3) 在更新配置文件时缺少访问验证，允许通过更改id参数修改其他用户的设置。组合使用#1和#2所述漏洞允许以完全权限访问管理部分。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2006-4585

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2006-4585

Please Login to view more intelligence information

http://acid-root.new.fr/poc/10060903.txtx_refsource_MISC
http://securityreason.com/securityalert/1508third-party-advisoryx_refsource_SREASON
https://www.exploit-db.com/exploits/2297exploitx_refsource_EXPLOIT-DB
http://secunia.com/advisories/21754third-party-advisoryx_refsource_SECUNIA
http://www.securityfocus.com/bid/19834vdb-entryx_refsource_BID
http://www.osvdb.org/28545vdb-entryx_refsource_OSVDB
http://securitytracker.com/id?1016788vdb-entryx_refsource_SECTRACK
http://www.vupen.com/english/advisories/2006/3452vdb-entryx_refsource_VUPEN
https://exchange.xforce.ibmcloud.com/vulnerabilities/28753vdb-entryx_refsource_XF
http://www.securityfocus.com/archive/1/445079/100/0/threadedmailing-listx_refsource_BUGTRAQ
https://nvd.nist.gov/vuln/detail/CVE-2006-4585

New Vulnerabilities

Product: n/a

Vendor: n/a

V. Comments for CVE-2006-4585

No comments yet

Support Us — Your donation helps us keep running

I. Basic Information for CVE-2006-4585

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2006-4585

III. Intelligence Information for CVE-2006-4585

New Vulnerabilities

V. Comments for CVE-2006-4585

Leave a comment