Vulnerabilities

CVE-2006-6820

by Fred · 29/12/2006

myprofile.asp in Enthrallweb eCoupons does not properly validate the MM_recordId parameter during profile updates, which allows remote authenticated users to modify certain profile fields of another account by specifying that account’s username in a modified MM_recordId parameter.

Date published : 2006-12-29

http://www.securityfocus.com/bid/21739

https://www.exploit-db.com/exploits/2995

Related

Tags: Cybersecurity Alert