myprofile.asp in Enthrallweb eCoupons does not properly validate the MM_recordId parameter during profile updates, which allows remote authenticated users to modify certain profile fields of another account by specifying that account's username in a modified MM_recordId parameter.
References
Configurations
History
No history.
Information
Published : 2006-12-29 11:28
Updated : 2024-02-28 11:01
NVD link : CVE-2006-6820
Mitre link : CVE-2006-6820
CVE.ORG link : CVE-2006-6820
JSON object : View
Products Affected
enthrallweb
- ecoupons
CWE