PT-2006-7417 · Enthrallweb · Enthrallweb Ecoupons

Ajann

Publicado

2006-12-29

Atualizado

2017-10-19

CVE-2006-6820

CVSS v2.0

3.5

Baixa

Vetor

AV:N/AC:M/Au:S/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions: Enthrallweb eCoupons (affected versions not specified)

Description: The issue concerns the myprofile.asp page, which fails to properly validate the MM recordId parameter during profile updates. This allows remote authenticated users to modify certain profile fields of another account by specifying that account's username in a modified MM recordId parameter.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2006-6820

Produtos afetados

Enthrallweb Ecoupons

PT-2006-7417 · Enthrallweb · Enthrallweb Ecoupons

CVE-2006-6820

Identificadores relacionados

Produtos afetados

Referências · 5