CVE-2006-6822

2006-12-2911:00:00

mitre

www.cve.org

6.2 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

75.0%

JSON

myprofile.asp in Enthrallweb eClassifieds does not properly validate the MM_recordId parameter during profile updates, which allows remote authenticated users to modify certain profile fields of another account by specifying that account’s username in a modified MM_recordId parameter.

References

www.securityfocus.com/bid/21739

www.vupen.com/english/advisories/2006/5154

www.exploit-db.com/exploits/2994