DeluxeBB 1.07 and earlier allows remote attackers to overwrite the (1) _GET, (2) _POST, (3) _ENV, and (4) _SERVER variables via the _COOKIE (aka COOKIE) variable, which can overwrite the other variables during an extract function call, probably leading to multiple security vulnerabilities, aka "pollution of the global namespace."
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2006-07-21T21:00:00
Updated: 2018-10-17T20:57:01
Reserved: 2006-07-21T00:00:00
Link: CVE-2006-3798
JSON object: View
NVD Information
Status : Modified
Published: 2006-07-24T12:19:00.000
Modified: 2018-10-17T21:30:14.170
Link: CVE-2006-3798
JSON object: View
Redhat Information
No data.
CWE