CVE-2006-4078

Published: Aug 11, 2006Modified: Apr 16, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

pm.php (aka the PM system) in DeluxeBB 1.08, and possibly earlier, allows remote attackers to bypass authentication by providing an arbitrary username in the membercookie cookie parameter.

Affected (1)

Products: Deluxebb: Deluxebb

Deluxebb

1 product

Deluxebb

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Deluxebb Deluxebb	Version 1.08

References (14)

http://secunia.com/advisories/21387

Source: cve@mitre.org

PatchVendor Advisory

http://securityreason.com/securityalert/1381

Source: cve@mitre.org

http://www.osvdb.org/27834

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/442464/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/19418

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2006/3188

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/28270

Source: cve@mitre.org

http://secunia.com/advisories/21387