Security Advisory

CVE-2006-6821

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2006-12-29 11:00:00

Last updated 2024-08-07 20:42:07

Assigner mitre

State PUBLISHED

Description

myprofile.asp in Enthrallweb eNews does not properly validate the MM_recordId parameter during profile updates, which allows remote authenticated users to modify certain profile fields of another account by specifying that accounts username in a modified MM_recordId parameter.

← Browse all CVEs View on cve.org ↗