myprofile.asp in Enthrallweb eClassifieds does not properly validate the MM_recordId parameter during profile updates, which allows remote authenticated users to modify certain profile fields of another account by specifying that account's username in a modified MM_recordId parameter.
References
Configurations
History
No history.
Information
Published : 2006-12-29 11:28
Updated : 2024-02-28 11:01
NVD link : CVE-2006-6822
Mitre link : CVE-2006-6822
CVE.ORG link : CVE-2006-6822
JSON object : View
Products Affected
enthrallweb
- eclassifieds
CWE