← back
CVE-2006-6822

CVE-2006-6822

EPSS 1.7%
myprofile.asp in Enthrallweb eClassifieds does not properly validate the MM_recordId parameter during profile updates, which allows remote authenticated users to modify certain profile fields of another account by specifying that account's username in a modified MM_recordId parameter.
Affected products
n/a · n/a
public PoCs found1
cve_referencewww.exploit-db.com/exploits/2994unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.exploit-db.com/exploits/2994http://www.securityfocus.com/bid/21739http://www.vupen.com/english/advisories/2006/5154