CVE-2006-4246 | Vulnerability Database | Aqua Security

Usermin before 1.220 (20060629) allows remote attackers to read arbitrary files, possibly related to chfn/save.cgi not properly handling an empty shell parameter, which results in changing roots shell instead of the shell of a specified user.

Affected Software

Name	Vendor	Start Version	End Version
Usermin	Usermin	*	1.210 (including)
Usermin	Usermin	0.4 (including)	0.4 (including)
Usermin	Usermin	0.5 (including)	0.5 (including)
Usermin	Usermin	0.6 (including)	0.6 (including)
Usermin	Usermin	0.7 (including)	0.7 (including)
Usermin	Usermin	0.8 (including)	0.8 (including)
Usermin	Usermin	0.9 (including)	0.9 (including)
Usermin	Usermin	0.91 (including)	0.91 (including)
Usermin	Usermin	0.92 (including)	0.92 (including)
Usermin	Usermin	0.93 (including)	0.93 (including)
Usermin	Usermin	0.94 (including)	0.94 (including)
Usermin	Usermin	0.95 (including)	0.95 (including)
Usermin	Usermin	0.96 (including)	0.96 (including)
Usermin	Usermin	0.97 (including)	0.97 (including)
Usermin	Usermin	0.98 (including)	0.98 (including)
Usermin	Usermin	0.99 (including)	0.99 (including)
Usermin	Usermin	1.000 (including)	1.000 (including)
Usermin	Usermin	1.010 (including)	1.010 (including)
Usermin	Usermin	1.020 (including)	1.020 (including)
Usermin	Usermin	1.030 (including)	1.030 (including)
Usermin	Usermin	1.040 (including)	1.040 (including)
Usermin	Usermin	1.051 (including)	1.051 (including)
Usermin	Usermin	1.060 (including)	1.060 (including)
Usermin	Usermin	1.070 (including)	1.070 (including)
Usermin	Usermin	1.080 (including)	1.080 (including)
Usermin	Usermin	1.090 (including)	1.090 (including)
Usermin	Usermin	1.100 (including)	1.100 (including)
Usermin	Usermin	1.110 (including)	1.110 (including)
Usermin	Usermin	1.120 (including)	1.120 (including)
Usermin	Usermin	1.130 (including)	1.130 (including)
Usermin	Usermin	1.140 (including)	1.140 (including)
Usermin	Usermin	1.150 (including)	1.150 (including)

References

http://secunia.com/advisories/21968
http://secunia.com/advisories/21981
http://sourceforge.net/tracker/index.php?func=detail\u0026aid=1509145\u0026group_id=17457\u0026atid=485894
http://www.debian.org/security/2006/dsa-1177
http://www.osreviews.net/reviews/admin/usermin
http://www.securityfocus.com/bid/18574
http://www.vupen.com/english/advisories/2006/3668
http://www.webmin.com/uchanges.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/29010
http://secunia.com/advisories/21968
http://secunia.com/advisories/21981
http://sourceforge.net/tracker/index.php?func=detail\u0026aid=1509145\u0026group_id=17457\u0026atid=485894
http://www.debian.org/security/2006/dsa-1177
http://www.osreviews.net/reviews/admin/usermin
http://www.securityfocus.com/bid/18574
http://www.vupen.com/english/advisories/2006/3668
http://www.webmin.com/uchanges.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/29010

NVD	https://nvd.nist.gov/vuln/detail/CVE-2006-4246
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html