← back
CVE-2006-6820

CVE-2006-6820

EPSS 1.7%
myprofile.asp in Enthrallweb eCoupons does not properly validate the MM_recordId parameter during profile updates, which allows remote authenticated users to modify certain profile fields of another account by specifying that account's username in a modified MM_recordId parameter.
Affected products
n/a · n/a
public PoCs found1
cve_referencewww.exploit-db.com/exploits/2995unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://secunia.com/advisories/23517https://www.exploit-db.com/exploits/2995http://www.securityfocus.com/bid/21739http://www.vupen.com/english/advisories/2006/5155