Vulnerability Details CVE-2006-6820
myprofile.asp in Enthrallweb eCoupons does not properly validate the MM_recordId parameter during profile updates, which allows remote authenticated users to modify certain profile fields of another account by specifying that account's username in a modified MM_recordId parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.05
EPSS Ranking 89.4%
CVSS Severity
CVSS v2 Score 3.5
References
- http://secunia.com/advisories/23517
- http://www.securityfocus.com/bid/21739
- http://www.vupen.com/english/advisories/2006/5155
- https://www.exploit-db.com/exploits/2995
- http://secunia.com/advisories/23517
- http://www.securityfocus.com/bid/21739
- http://www.vupen.com/english/advisories/2006/5155
- https://www.exploit-db.com/exploits/2995
Products affected by CVE-2006-6820
-
cpe:2.3:a:enthrallweb:ecoupons:*