CVE-2006-6588

The forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) trusts the (1) dataResourceTypeId, (2) contentTypeId, and certain other hidden form fields, which allows remote attackers to create unauthorized types of content, modify content, or have other unknown impact.
Configurations

Configuration 1 (hide)

cpe:2.3:a:apache:ofbiz:*:*:*:*:*:*:*:*

History

21 Nov 2024, 00:23

Type Values Removed Values Added
References () https://issues.apache.org/jira/browse/OFBIZ-178 - Exploit () https://issues.apache.org/jira/browse/OFBIZ-178 - Exploit

Information

Published : 2006-12-15 19:28

Updated : 2024-11-21 00:23


NVD link : CVE-2006-6588

Mitre link : CVE-2006-6588

CVE.ORG link : CVE-2006-6588


JSON object : View

Products Affected

apache

  • ofbiz