PT-2006-7417 · Enthrallweb · Enthrallweb Ecoupons

Ajann

Published

2006-12-29

Updated

2017-10-19

CVE-2006-6820

CVSS v2.0

3.5

Low

Vector

AV:N/AC:M/Au:S/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions: Enthrallweb eCoupons (affected versions not specified)

Description: The issue concerns the myprofile.asp page, which fails to properly validate the MM recordId parameter during profile updates. This allows remote authenticated users to modify certain profile fields of another account by specifying that account's username in a modified MM recordId parameter.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-6820

Affected Products

Enthrallweb Ecoupons

PT-2006-7417 · Enthrallweb · Enthrallweb Ecoupons

CVE-2006-6820

Related Identifiers

Affected Products

References · 5