CVE-2006-0691

high

Description

edituser.php in TTS Time Tracking Software 3.0 does not verify that the name and password are correct, which allows remote attackers to overwrite arbitrary data belonging to any account.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/24570

http://www.vupen.com/english/advisories/2006/0524

http://www.securityfocus.com/bid/16731

http://www.securityfocus.com/bid/16630

http://www.securityfocus.com/archive/1/425505/100/0/threaded

http://www.evuln.com/vulns/69/summary.html

http://secunia.com/advisories/18854

Details

Source: Mitre, NVD

Published: 2006-02-15

Updated: 2026-04-16

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Severity: High

EPSS

EPSS: 0.09894

Detections

Analytics