Published: 24/07/2006 Updated: 17/10/2018

CVSS v2 Base Score: 5.1 | Impact Score: 6.4 | Exploitability Score: 4.9

VMScore: 515

Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

PHP-Post 0.21 and 1.0, and possibly earlier versions, when auto-login is enabled, allows remote malicious users to bypass security restrictions and obtain administrative privileges by modifying the logincookie[user] setting in the login cookie.

Vulnerable Product	Search on Vulmon	Subscribe to Product
php-post php-post 1.0
php-post php-post 0.21

[KAPDA::#52] - PHP-Post 10 Cookie Modification Privilege Escalation Vulnerability Vulnerable product: Tested on PHP-Post 021 and 10 Vendor: php-postcouk Vulnerability: Privilege Escalation Date: -------------------- Found: Nov 23, 2005 Vendor Contacted: Jun 01, 2006 Release Date: July 18, 2006 Vulnerability: -------------------- Pr ...

NVD-CWE-Other http://www.kapda.ir/advisory-380.html http://www.securityfocus.com/bid/19046 http://secunia.com/advisories/21115 http://securityreason.com/securityalert/1264 http://www.vupen.com/english/advisories/2006/2877 https://exchange.xforce.ibmcloud.com/vulnerabilities/27862 https://www.exploit-db.com/exploits/2036 http://www.securityfocus.com/archive/1/440419/100/0/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/2036/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2006-3772

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect