CVE-2006-6820
The CVE-2006-6820 issue concerns Enthrallweb eCoupons, where myprofile.asp does not properly validate the MM_recordId parameter during profile updates. This allows remote authenticated users to modify certain profile fields of another account by supplying that account’s username in a modified MM_...