CVE-2006-4586
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2006-4586
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
The admin panel in Tr Forum 2.0 accepts a username and password hash for authentication, which allows remote authenticated users to perform unauthorized actions, as demonstrated by modifying user settings via the id parameter to /membres/modif_profil.php, and changing a password via /membres/change_mdp.php. NOTE: this can be leveraged with other Tr Forum vulnerabilities to allow unauthenticated attackers to gain privileges.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
TR Forum SQL注入及认证绕过漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Tr Forum是一款法语的论坛程序。 Tr Forum中的多个漏洞允许恶意用户执行SQL注入攻击和绕过某些安全限制。 1) admin/insert_admin.php文件中缺少认证,允许创建拥有有限权限的管理员帐号。 2) 没有正确过滤对admin/editer.php文件中id2参数的输入,允许攻击者通过注入任意SQL代码操控SQL查询。成功攻击要求某些管理权限。 3) 在更新配置文件时缺少访问验证,允许通过更改id参数修改其他用户的设置。 组合使用#1和#2所述漏洞允许以完全权限访问管理部分。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| - | n/a | n/a | - |
II. Public POCs for CVE-2006-4586
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2006-4586
Please Login to view more intelligence information
- http://acid-root.new.fr/poc/10060903.txtx_refsource_MISC
- https://nvd.nist.gov/vuln/detail/CVE-2006-4586
Same Patch Batch · n/a · 2006-09-06 · 41 CVEs total
| CVE-2006-4553 | Mambo/Joomla 'plugin.class.php'脚本 远程文件包含漏洞 | |
| CVE-2006-4544 | ExBB 多个PHP远程文件包含漏洞 | |
| CVE-2006-4545 | ModuleBased CMS 多个远程PHP文件包含漏洞 | |
| CVE-2006-4546 | Lyris ListManager 特权提升漏洞 | |
| CVE-2006-4547 | Lyris ListManager 敏感信息泄露漏洞 | |
| CVE-2006-4548 | e107 'ibrowser.php'执行任意PHP代码 | |
| CVE-2006-4549 | CHXO Feedsplitter 'showsource'函数输入验证漏洞 | |
| CVE-2006-4550 | CHXO Feedsplitter 目录遍历漏洞 | |
| CVE-2006-4551 | CHXO Feedsplitter Eval注入漏洞 | |
| CVE-2006-4552 | CHXO Feedsplitter 跨站脚本攻击漏洞 | |
| CVE-2006-4543 | HLstats 'Index.PHP' 跨站脚本攻击漏洞 | |
| CVE-2006-4554 | Compression Plus 栈溢出漏洞 | |
| CVE-2006-4555 | CR64Loader 缓冲区溢出漏洞 | |
| CVE-2006-4556 | Mambo and Joomla!'index.php' PHP远程文件包含漏洞 | |
| CVE-2006-4557 | Bob Jewell Discloser 'plugins/plugins.php' PHP远程文件包含漏洞 | |
| CVE-2006-4558 | DeluxeBB 'newpost.php'任意PHP代码执行漏洞 | |
| CVE-2006-4559 | Yet Another Community System (YACS) CMS 多个PHP远程文件包含漏洞 | |
| CVE-2006-4560 | Windows XP SP2 Internet Explorer 任意脚本执行漏洞 | |
| CVE-2006-4561 | Mozilla Firefox 任意脚本执行漏洞 | |
| CVE-2006-4562 | Symantec Gateway Security 安全漏洞 |
Showing top 20 of 41 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same vendor: n/a
- CVE-2026-8248
Open5GS SMF npcf-handler.c update_authorized_pcc_rule_and_qo - CVE-2026-8226
Open5GS types.c ogs_pcc_rule_install_flow_from_media denial - CVE-2026-8225
Open5GS delete Endpoint sm-sm.c pcf_npcf_smpolicycontrol_han - CVE-2026-8224
Open5GS PCF context.c pcf_sess_set_ipv6prefix denial of serv - CVE-2026-8223
Open5GS sm-policies Endpoint pcf_sess_sbi_discover_and_send
V. Comments for CVE-2006-4586
No comments yet