CVE-2006-2737 Information

Description

utilities/register.asp in Nukedit 4.9.6 and earlier allows remote attackers to create new users as part of arbitrary groups including the administrative group via a modified groupid parameter when creating a user via the addDB action.

Reference

http://secunia.com/advisories/20348 http://securityreason.com/securityalert/1013 http://www.kapda.ir/advisory-337.html http://www.kapda.ir/attach-1661-nukedit.txt http://www.securityfocus.com/archive/1/435311/100/0/threaded http://www.securityfocus.com/bid/18157 http://www.vupen.com/english/advisories/2006/2052 https://exchange.xforce.ibmcloud.com/vulnerabilities/26951