CVE-2006-6821

2006-12-2911:00:00

mitre

www.cve.org

6.2 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

71.4%

JSON

myprofile.asp in Enthrallweb eNews does not properly validate the MM_recordId parameter during profile updates, which allows remote authenticated users to modify certain profile fields of another account by specifying that account’s username in a modified MM_recordId parameter.

References

secunia.com/advisories/23518

www.securityfocus.com/bid/21739

www.vupen.com/english/advisories/2006/5156

www.exploit-db.com/exploits/2996