CVE-2006-6822
Vulnerability : In Enthrallweb eClassifieds, myprofile.asp does not properly validate the MM_recordId parameter during profile updates. This allows remote authenticated users to modify certain profile fields of another account by supplying that account’s username in a modified MM_recordId value. ...