CyberSec.Space Logo
Back to CVE Browser

CVE-2006-5878

HIGH
7.5
CVSS Severity Score
EPSS Score0.0410%
EPSS Percentile30.07th
PublishedNov 14, 2006
Last ModifiedApr 23, 2026

Vulnerability Description

Cross-site request forgery (CSRF) vulnerability in Edgewall Trac 0.10 and earlier allows remote attackers to perform unauthorized actions as other users via unknown vectors.

Affected Platforms (CPE)

πŸ“¦
Edgewall Software

Trac

<= 0.10
πŸ“¦
Edgewall Software

Trac

= 0.5
πŸ“¦
Edgewall Software

Trac

= 0.5.1
πŸ“¦
Edgewall Software

Trac

= 0.5.2
πŸ“¦
Edgewall Software

Trac

= 0.6
πŸ“¦
Edgewall Software

Trac

= 0.6.1
πŸ“¦
Edgewall Software

Trac

= 0.7
πŸ“¦
Edgewall Software

Trac

= 0.7.1
πŸ“¦
Edgewall Software

Trac

= 0.8
πŸ“¦
Edgewall Software

Trac

= 0.8.1
πŸ“¦
Edgewall Software

Trac

= 0.8.2
πŸ“¦
Edgewall Software

Trac

= 0.8.3
πŸ“¦
Edgewall Software

Trac

= 0.8.4
πŸ“¦
Edgewall Software

Trac

= 0.9
πŸ“¦
Edgewall Software

Trac

= 0.9.1
πŸ“¦
Edgewall Software

Trac

= 0.9.2
πŸ“¦
Edgewall Software

Trac

= 0.9.3
πŸ“¦
Edgewall Software

Trac

= 0.9.4
πŸ“¦
Edgewall Software

Trac

= 0.9.5
πŸ“¦
Edgewall Software

Trac

= 0.9.6
πŸ“¦
Edgewall Software

Trac

= 0.9b1
πŸ“¦
Edgewall Software

Trac

= 0.9b2
πŸ“¦
Edgewall Software

Trac

= 0.50.9

References & Advisories

πŸ”— http://secunia.com/advisories/22789
πŸ”— http://secunia.com/advisories/22868
πŸ”— http://secunia.com/advisories/23357
πŸ”— http://security.gentoo.org/glsa/glsa-200612-14.xml
πŸ”— http://trac.edgewall.org/ticket/4049
πŸ”— http://trac.edgewall.org/wiki/ChangeLog
πŸ”— http://www.debian.org/security/2006/dsa-1209
πŸ”— http://www.vupen.com/english/advisories/2006/4422

Related Vulnerabilities

CVE-2007-140610.0

Trac before 0.10.3.1 does not send a Content-Disposition HTTP header specifying an attachment in certain "unsafe" situations, whic...

CVE-2019-10030678.8

Jenkins Trac Publisher Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewe...

CVE-2005-40657.5

SQL injection vulnerability in the search module in Edgewall Trac before 0.9.2 allows remote attackers to execute arbitrary SQL co...

CVE-2005-39807.5

SQL injection vulnerability in the ticket query module in Edgewall Trac 0.9 and possibly earlier allows remote attackers to execut...