CVE-2006-5909 - Cracklier Ibis

Description

generaloptions.php in Paul Tarjan Stanford Conference And Research Forum (SCARF) before 20070227 does not require the admin privilege which allows remote attackers to reconfigure the application or its user accounts.

Reference

http://sourceforge.net/project/shownotes.php?group_id=177652&release_id=489633 http://www.securityfocus.com/bid/20934 http://secunia.com/advisories/24311 http://www.vupen.com/english/advisories/2007/0760 https://exchange.xforce.ibmcloud.com/vulnerabilities/32700 https://exchange.xforce.ibmcloud.com/vulnerabilities/30037 http://www.securityfocus.com/archive/1/460196/100/0/threaded http://www.securityfocus.com/archive/1/450679/100/0/threaded