Yasna Yazd Discussion Forum Insecure Default Permission Handling Vulnerabilities
BID:20889
Info
Yasna Yazd Discussion Forum Insecure Default Permission Handling Vulnerabilities
| Bugtraq ID: | 20889 |
| Class: | Design Error |
| CVE: |
CVE-2006-5729 |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 03 2006 12:00AM |
| Updated: | Jun 27 2008 03:11PM |
| Credit: | This issue was disclosed by the vendor. |
| Vulnerable: |
Yasna Yazd Discussion Forum 2.4 Yasna Yazd Discussion Forum 2.3 Yasna Yazd Discussion Forum 2.2 Yasna Yazd Discussion Forum 2.1 Yasna Yazd Discussion Forum 1.0 |
| Not Vulnerable: |
Yasna Yazd Discussion Forum 3.0 |
Discussion
Yasna Yazd Discussion Forum Insecure Default Permission Handling Vulnerabilities
Yazd Discussion Forum is prone to multiple insecure-default-permission-handling vulnerabilities. User accounts are granted unintended permissions.
Exploiting these issues may allow a malicious user to create, modify, or read data in privileged areas of the application.
Versions prior to 3.0 are vulnerable.
Yazd Discussion Forum is prone to multiple insecure-default-permission-handling vulnerabilities. User accounts are granted unintended permissions.
Exploiting these issues may allow a malicious user to create, modify, or read data in privileged areas of the application.
Versions prior to 3.0 are vulnerable.
Exploit / POC
Yasna Yazd Discussion Forum Insecure Default Permission Handling Vulnerabilities
Attackers can exploit these issues via a web client.
Attackers can exploit these issues via a web client.
Solution / Fix
Yasna Yazd Discussion Forum Insecure Default Permission Handling Vulnerabilities
Solution:
The vendor has released version 3.0 to address this issue. Please see the references for details.
Solution:
The vendor has released version 3.0 to address this issue. Please see the references for details.
References
Yasna Yazd Discussion Forum Insecure Default Permission Handling Vulnerabilities
References:
References:
- Beta Release notes for 3.0 (Yasna)
- Vendor Homepage (Yasna)