CVE-2006-6821
The CVE concerns Enthrallweb eNews: myprofile.asp fails to validate MM_recordId during profile updates, allowing remote authenticated users to change certain fields of another account by supplying that account’s username in MM_recordId. No remediation details are provided in the supplied documents.