|
|
CVE Reference: CVE-2006-6822 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2006-6822 |
|
|
Description: myprofile.asp in Enthrallweb eClassifieds does not properly validate the MM_recordId parameter during profile updates, which allows remote authenticated users to modify certain profile fields of another account by specifying that account's username in a modified MM_recordId parameter. |
|
|
CVE Status: Candidate |
|
|
References: MISC http://www.milw0rm.com/exploits/2994 BID 21739 |
|
| Return to the previous page. |
