The forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) trusts the (1) dataResourceTypeId, (2) contentTypeId, and certain other hidden form fields, which allows remote attackers to create unauthorized types of content, modify content, or have other unknown impact.
References
Link | Resource |
---|---|
https://issues.apache.org/jira/browse/OFBIZ-178 | Exploit |
https://issues.apache.org/jira/browse/OFBIZ-178 | Exploit |
Configurations
History
21 Nov 2024, 00:23
Type | Values Removed | Values Added |
---|---|---|
References | () https://issues.apache.org/jira/browse/OFBIZ-178 - Exploit |
Information
Published : 2006-12-15 19:28
Updated : 2024-11-21 00:23
NVD link : CVE-2006-6588
Mitre link : CVE-2006-6588
CVE.ORG link : CVE-2006-6588
JSON object : View
Products Affected
apache
- ofbiz
CWE