Nuke ET User Account Deletion Input Validation Vulnerability
BID:23354
Info
Nuke ET User Account Deletion Input Validation Vulnerability
| Bugtraq ID: | 23354 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 06 2007 12:00AM |
| Updated: | Apr 09 2007 09:32PM |
| Credit: | The vendor disclosed this issue. |
| Vulnerable: |
Tru-Zone NukeET 3.2 Tru-Zone NukeET 3.1 Tru-Zone NukeET 3.0 Tru-Zone NukeET 3.4 Tru-Zone NukeET 3.3 |
| Not Vulnerable: | |
Discussion
Nuke ET User Account Deletion Input Validation Vulnerability
Nuke ET is prone to an input-validation vulnerability because it fails to verify user-supplied data before performing certain actions.
An attacker can exploit this issue to delete arbitrary user accounts from the application.
Nuke ET 3.4 and prior versions are vulnerable.
Nuke ET is prone to an input-validation vulnerability because it fails to verify user-supplied data before performing certain actions.
An attacker can exploit this issue to delete arbitrary user accounts from the application.
Nuke ET 3.4 and prior versions are vulnerable.
Exploit / POC
Nuke ET User Account Deletion Input Validation Vulnerability
Attackers can use a browser to exploit this issue.
Attackers can use a browser to exploit this issue.
Solution / Fix
Nuke ET User Account Deletion Input Validation Vulnerability
Solution:
The vendor has released a fix to address this issue. Please see the references for more information.
Tru-Zone NukeET 3.3
Tru-Zone NukeET 3.4
Tru-Zone NukeET 3.0
Tru-Zone NukeET 3.1
Tru-Zone NukeET 3.2
Solution:
The vendor has released a fix to address this issue. Please see the references for more information.
Tru-Zone NukeET 3.3
-
Tru-Zone Version 3.4 Fix 7
http://truzone.org/modules.php?name=DescNuke&d_op=getit&lid=1808
Tru-Zone NukeET 3.4
-
Tru-Zone Version 3.4 Fix 7
http://truzone.org/modules.php?name=DescNuke&d_op=getit&lid=1808
Tru-Zone NukeET 3.0
-
Tru-Zone Version 3.4 Fix 7
http://truzone.org/modules.php?name=DescNuke&d_op=getit&lid=1808
Tru-Zone NukeET 3.1
-
Tru-Zone Version 3.4 Fix 7
http://truzone.org/modules.php?name=DescNuke&d_op=getit&lid=1808
Tru-Zone NukeET 3.2
-
Tru-Zone Version 3.4 Fix 7
http://truzone.org/modules.php?name=DescNuke&d_op=getit&lid=1808
References
Nuke ET User Account Deletion Input Validation Vulnerability
References:
References:
- ET34-69 [Error Seguridad] (Tru-Zone)
- Vendor Homepage (Tru-Zone)