Lucene search

[email protected]CVE-2006-6820

HistoryDec 29, 2006 - 11:28 a.m.

CVE-2006-6820

2006-12-2911:28:00

[email protected]

web.nvd.nist.gov

enthrallweb

ecoupons

myprofile.asp

validation

security issue

mm_recordid

nvd

cve-2006-6820

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

6.5 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

71.4%

JSON

myprofile.asp in Enthrallweb eCoupons does not properly validate the MM_recordId parameter during profile updates, which allows remote authenticated users to modify certain profile fields of another account by specifying that account’s username in a modified MM_recordId parameter.

Affected configurations

NVD

Node

enthrallwebecoupons

CPENameOperatorVersion
enthrallweb:ecouponsenthrallweb ecouponseq*

CPE	Name	Operator	Version
enthrallweb:ecoupons	enthrallweb ecoupons	eq	*

References

secunia.com/advisories/23517

www.securityfocus.com/bid/21739

www.vupen.com/english/advisories/2006/5155

www.exploit-db.com/exploits/2995

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

6.5 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

71.4%

JSON

Related for CVE-2006-6820

nvd1 cvelist1