CVE-2006-6822

myprofile.asp in Enthrallweb eClassifieds does not properly validate the MM_recordId parameter during profile updates, which allows remote authenticated users to modify certain profile fields of another account by specifying that account's username in a modified MM_recordId parameter.

Published: Dec 29, 2006
Updated: Apr 13, 2023
CVE: CVE-2006-6822
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 3.5
AV:N/AC:M/Au:S/C:N/I:P/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
enthrallweb / eclassifieds	-	-

http://www.securityfocus.com/bid/21739
http://www.vupen.com/english/advisories/2006/5154
https://www.exploit-db.com/exploits/2994

Vulnerability Database

290,273

CVE-2006-6822