CVE-2006-5909 Information

Description

generaloptions.php in Paul Tarjan Stanford Conference And Research Forum (SCARF) before 20070227 does not require the admin privilege which allows remote attackers to reconfigure the application or its user accounts.

Reference

http://secunia.com/advisories/24311 http://sourceforge.net/project/shownotes.php?group_id=177652&release_id=489633 http://www.securityfocus.com/archive/1/450679/100/0/threaded http://www.securityfocus.com/archive/1/460196/100/0/threaded http://www.securityfocus.com/bid/20934 http://www.vupen.com/english/advisories/2007/0760 https://exchange.xforce.ibmcloud.com/vulnerabilities/30037 https://exchange.xforce.ibmcloud.com/vulnerabilities/32700