CVE-2006-2942
Published: Jun 20, 2006
Modified: Aug 7, 2024
PUBLISHED
Description
TWiki 4.0.0, 4.0.1, and 4.0.2 allow remote attackers to gain TWiki administrator privileges via a TWiki.TWikiRegistration form with a modified action attribute that references the Sandbox web instead of the user web, which can then be used to associate the user's login name with the WikiName of a member of the TWikiAdminGroup.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
| Reference | Tags |
|---|---|
| 26623 | vdb-entry, x_refsource_OSVDB |
| 20596 | third-party-advisory, x_refsource_SECUNIA |
| twiki-action-security-bypass(27336) | vdb-entry, x_refsource_XF |
| ADV-2006-2415 | vdb-entry, x_refsource_VUPEN |
| 1016323 | vdb-entry, x_refsource_SECTRACK |
| http://twiki.org/cgi-bin/view/Codev/SecurityAlertTWiki4PrivilegeElevation | x_refsource_CONFIRM |
| 18506 | vdb-entry, x_refsource_BID |
| 20060616 TWiki Security Advisory: Privilege elevation with crafted registration form (CVE-2006-2942) | mailing-list, x_refsource_VULNWATCH |