CVE Vulnerabilities

CVE-2006-2737

Published: Jun 01, 2006 | Modified: Oct 18, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

utilities/register.asp in Nukedit 4.9.6 and earlier allows remote attackers to create new users as part of arbitrary groups, including the administrative group, via a modified groupid parameter when creating a user via the addDB action.

Affected Software

Name Vendor Start Version End Version
Nukedit Nukedit 4.9.0 4.9.0
Nukedit Nukedit 4.9.1 4.9.1
Nukedit Nukedit 4.9.2 4.9.2
Nukedit Nukedit 4.9.3 4.9.3
Nukedit Nukedit * 4.9.6

References