CVE-2006-5986 - Vulnerability Details - OpenCVE

admin/options.php in Extreme CMS 0.9, and possibly earlier, does not require authentication, which might allow remote attackers to conduct unauthorized activities. NOTE: this issue can be combined with another vulnerability to expand the scope of a cross-site scripting (XSS) attack without authentication. NOTE: the provenance of this information is unknown; details are obtained from third party sources.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Extreme Cms	Extreme Cms

Configuration 1 [-]

cpe:2.3:a:extreme_cms:extreme_cms:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://secunia.com/advisories/22919
http://www.vupen.com/english/advisories/2006/4529

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-11-20T21:00:00

Updated: 2024-08-07T20:12:31.004Z

Reserved: 2006-11-20T00:00:00

Link: CVE-2006-5986

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2006-11-20T21:07:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2006-5986

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-11-15T00:00:00", "descriptions": [{"lang": "en", "value": "admin/options.php in Extreme CMS 0.9, and possibly earlier, does not require authentication, which might allow remote attackers to conduct unauthorized activities. NOTE: this issue can be combined with another vulnerability to expand the scope of a cross-site scripting (XSS) attack without authentication. NOTE: the provenance of this information is unknown; details are obtained from third party sources."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2009-02-26T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "22919", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/22919"}, {"name": "ADV-2006-4529", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/4529"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-5986", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "admin/options.php in Extreme CMS 0.9, and possibly earlier, does not require authentication, which might allow remote attackers to conduct unauthorized activities. NOTE: this issue can be combined with another vulnerability to expand the scope of a cross-site scripting (XSS) attack without authentication. NOTE: the provenance of this information is unknown; details are obtained from third party sources."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "22919", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22919"}, {"name": "ADV-2006-4529", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/4529"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T20:12:31.004Z"}, "title": "CVE Program Container", "references": [{"name": "22919", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/22919"}, {"name": "ADV-2006-4529", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/4529"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-5986", "datePublished": "2006-11-20T21:00:00", "dateReserved": "2006-11-20T00:00:00", "dateUpdated": "2024-08-07T20:12:31.004Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:extreme_cms:extreme_cms:*:*:*:*:*:*:*:*", "matchCriteriaId": "20796FA7-242C-4E67-A2D6-3BFE900F50C1", "versionEndIncluding": "0.9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "admin/options.php in Extreme CMS 0.9, and possibly earlier, does not require authentication, which might allow remote attackers to conduct unauthorized activities. NOTE: this issue can be combined with another vulnerability to expand the scope of a cross-site scripting (XSS) attack without authentication. NOTE: the provenance of this information is unknown; details are obtained from third party sources."}, {"lang": "es", "value": "admin/options.php en Extreme CMS 0.9, y posiblemente anteriores, no requiere autenticaci\u00f3n, lo cual podr\u00eda permite a atacantes remotos realizar actividades no autorizadas. NOTA: este problema puede ser combinado con otras vulnerabilidades para expandir el rango de un ataque de secuencias de comandos en sitios cruzados (XSS) sin autenticaci\u00f3n. NOTA: la procedencia de esta informaci\u00f3n es desconocida; los detalles se han obtenido de informaci\u00f3n de terceros."}], "id": "CVE-2006-5986", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-11-20T21:07:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/22919"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/4529"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/22919"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/4529"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}