Skip to main content

CVE-2006-6821

Severity Low
Score 3.5/10

Summary

myprofile.asp in Enthrallweb eNews does not properly validate the MM_recordId parameter during profile updates, which allows remote authenticated users to modify certain profile fields of another account by specifying that account's username in a modified MM_recordId parameter.

  • MEDIUM
  • NETWORK
  • SINGLE
  • PARTIAL
  • NONE
  • NONE

References

Advisory Timeline

  • Published