Vulnerability Details CVE-2006-4246
Usermin before 1.220 (20060629) allows remote attackers to read arbitrary files, possibly related to chfn/save.cgi not properly handling an empty shell parameter, which results in changing root's shell instead of the shell of a specified user.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 62.4%
CVSS Severity
CVSS v2 Score 3.6
References
- http://secunia.com/advisories/21968
- http://secunia.com/advisories/21981
- http://sourceforge.net/tracker/index.php?func=detail&aid=1509145&group_id=17457&atid=485894
- http://www.debian.org/security/2006/dsa-1177
- http://www.osreviews.net/reviews/admin/usermin
- http://www.securityfocus.com/bid/18574
- http://www.vupen.com/english/advisories/2006/3668
- http://www.webmin.com/uchanges.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29010
- http://secunia.com/advisories/21968
- http://secunia.com/advisories/21981
- http://sourceforge.net/tracker/index.php?func=detail&aid=1509145&group_id=17457&atid=485894
- http://www.debian.org/security/2006/dsa-1177
- http://www.osreviews.net/reviews/admin/usermin
- http://www.securityfocus.com/bid/18574
- http://www.vupen.com/english/advisories/2006/3668
- http://www.webmin.com/uchanges.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29010
Products affected by CVE-2006-4246
-
cpe:2.3:a:usermin:usermin:*
-
cpe:2.3:a:usermin:usermin:0.4
-
cpe:2.3:a:usermin:usermin:0.5
-
cpe:2.3:a:usermin:usermin:0.6
-
cpe:2.3:a:usermin:usermin:0.7
-
cpe:2.3:a:usermin:usermin:0.8
-
cpe:2.3:a:usermin:usermin:0.9
-
cpe:2.3:a:usermin:usermin:0.91
-
cpe:2.3:a:usermin:usermin:0.92
-
cpe:2.3:a:usermin:usermin:0.93
-
cpe:2.3:a:usermin:usermin:0.94
-
cpe:2.3:a:usermin:usermin:0.95
-
cpe:2.3:a:usermin:usermin:0.96
-
cpe:2.3:a:usermin:usermin:0.97
-
cpe:2.3:a:usermin:usermin:0.98
-
cpe:2.3:a:usermin:usermin:0.99
-
cpe:2.3:a:usermin:usermin:1.000
-
cpe:2.3:a:usermin:usermin:1.010
-
cpe:2.3:a:usermin:usermin:1.020
-
cpe:2.3:a:usermin:usermin:1.030
-
cpe:2.3:a:usermin:usermin:1.040
-
cpe:2.3:a:usermin:usermin:1.051
-
cpe:2.3:a:usermin:usermin:1.060
-
cpe:2.3:a:usermin:usermin:1.070
-
cpe:2.3:a:usermin:usermin:1.080
-
cpe:2.3:a:usermin:usermin:1.090
-
cpe:2.3:a:usermin:usermin:1.100
-
cpe:2.3:a:usermin:usermin:1.110
-
cpe:2.3:a:usermin:usermin:1.120
-
cpe:2.3:a:usermin:usermin:1.130
-
cpe:2.3:a:usermin:usermin:1.140
-
cpe:2.3:a:usermin:usermin:1.150