CVE-2006-5909

critical

Description

generaloptions.php in Paul Tarjan Stanford Conference And Research Forum (SCARF) before 20070227 does not require the admin privilege, which allows remote attackers to reconfigure the application or its user accounts.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/32700

https://exchange.xforce.ibmcloud.com/vulnerabilities/30037

http://www.vupen.com/english/advisories/2007/0760

http://www.securityfocus.com/bid/20934

http://www.securityfocus.com/archive/1/460196/100/0/threaded

http://www.securityfocus.com/archive/1/450679/100/0/threaded

http://sourceforge.net/project/shownotes.php?group_id=177652&release_id=489633

http://secunia.com/advisories/24311

Details

Source: Mitre, NVD

Published: 2006-11-15

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Severity: Critical

EPSS

EPSS: 0.00632

Detections

Analytics