CVE-2006-6246 - OpenCVE

Photo Organizer 2.32b and earlier does not properly check the ownership of certain objects, which allows remote attackers to gain unauthorized access via vectors related to (1) camera del, (2) camera edit, (3) folder/album deletion, (4) photo.move, (5) content.indexer, (6) folder.content, and possibly other operations.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Photo Organizer	Photo Organizer

Configuration 1 [-]

cpe:2.3:a:photo_organizer:photo_organizer:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://bugs.shaftnet.org/task/113
http://po.shaftnet.org/po_stable_changelog
http://secunia.com/advisories/23176
http://www.securityfocus.com/bid/21351
http://www.vupen.com/english/advisories/2006/4766
https://exchange.xforce.ibmcloud.com/vulnerabilities/30577

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-12-04T11:00:00

Updated: 2024-08-07T20:19:35.026Z

Reserved: 2006-12-03T00:00:00

Link: CVE-2006-6246

Vulnrichment

No data.

NVD

Status : Modified

Published: 2006-12-04T11:28:00.000

Modified: 2017-07-29T01:29:25.500

Link: CVE-2006-6246

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-11-26T00:00:00", "descriptions": [{"lang": "en", "value": "Photo Organizer 2.32b and earlier does not properly check the ownership of certain objects, which allows remote attackers to gain unauthorized access via vectors related to (1) camera del, (2) camera edit, (3) folder/album deletion, (4) photo.move, (5) content.indexer, (6) folder.content, and possibly other operations."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://bugs.shaftnet.org/task/113"}, {"name": "ADV-2006-4766", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/4766"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://po.shaftnet.org/po_stable_changelog"}, {"name": "23176", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/23176"}, {"name": "photoorganizer-auth-security-bypass(30577)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30577"}, {"name": "21351", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/21351"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-6246", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Photo Organizer 2.32b and earlier does not properly check the ownership of certain objects, which allows remote attackers to gain unauthorized access via vectors related to (1) camera del, (2) camera edit, (3) folder/album deletion, (4) photo.move, (5) content.indexer, (6) folder.content, and possibly other operations."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://bugs.shaftnet.org/task/113", "refsource": "MISC", "url": "http://bugs.shaftnet.org/task/113"}, {"name": "ADV-2006-4766", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/4766"}, {"name": "http://po.shaftnet.org/po_stable_changelog", "refsource": "CONFIRM", "url": "http://po.shaftnet.org/po_stable_changelog"}, {"name": "23176", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23176"}, {"name": "photoorganizer-auth-security-bypass(30577)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30577"}, {"name": "21351", "refsource": "BID", "url": "http://www.securityfocus.com/bid/21351"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T20:19:35.026Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://bugs.shaftnet.org/task/113"}, {"name": "ADV-2006-4766", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/4766"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://po.shaftnet.org/po_stable_changelog"}, {"name": "23176", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/23176"}, {"name": "photoorganizer-auth-security-bypass(30577)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30577"}, {"name": "21351", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/21351"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-6246", "datePublished": "2006-12-04T11:00:00", "dateReserved": "2006-12-03T00:00:00", "dateUpdated": "2024-08-07T20:19:35.026Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:photo_organizer:photo_organizer:*:*:*:*:*:*:*:*", "matchCriteriaId": "8FA8F3F3-B81C-4CFF-B4E4-8CC06E6DBA0E", "versionEndIncluding": "2.32b", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Photo Organizer 2.32b and earlier does not properly check the ownership of certain objects, which allows remote attackers to gain unauthorized access via vectors related to (1) camera del, (2) camera edit, (3) folder/album deletion, (4) photo.move, (5) content.indexer, (6) folder.content, and possibly other operations."}, {"lang": "es", "value": "Photo Organizer 2.32b y anteriores no comprueban adecuadamente la propiedad de ciertos objetos, lo cual permite a atacantes remotos obtener acceso no autorizado a trav\u00e9s de vectores relacionados con (1) borrado de c\u00e1mara, (2) edici\u00f3n de c\u00e1mara, (3) borrado de carpeta/\u00e1lbum, (4) mover foto (photo.move), (5) indizador de contenido (content.indexer), (6) contenido de carpeta (folder.content), y posiblemente otras operaciones."}], "id": "CVE-2006-6246", "lastModified": "2017-07-29T01:29:25.500", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-12-04T11:28:00.000", "references": [{"source": "cve@mitre.org", "url": "http://bugs.shaftnet.org/task/113"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://po.shaftnet.org/po_stable_changelog"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/23176"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/21351"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/4766"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30577"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}