Lucene search

[email protected]CVE-2006-6821

HistoryDec 29, 2006 - 11:28 a.m.

CVE-2006-6821

2006-12-2911:28:00

[email protected]

web.nvd.nist.gov

cve-2006-6821

enthrallweb enews

profile update

validation

remote authenticated users

security vulnerability

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

6.5 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

71.4%

JSON

myprofile.asp in Enthrallweb eNews does not properly validate the MM_recordId parameter during profile updates, which allows remote authenticated users to modify certain profile fields of another account by specifying that account’s username in a modified MM_recordId parameter.

Affected configurations

NVD

Node

enthrallwebenews

CPENameOperatorVersion
enthrallweb:enewsenthrallweb enewseq*

CPE	Name	Operator	Version
enthrallweb:enews	enthrallweb enews	eq	*

References

secunia.com/advisories/23518

www.securityfocus.com/bid/21739

www.vupen.com/english/advisories/2006/5156

www.exploit-db.com/exploits/2996

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

6.5 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

71.4%

JSON

Related for CVE-2006-6821

cvelist1 nvd1