Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
3.5
CVSSv2

CVE-2006-6821

Published: 29/12/2006 Updated: 19/10/2017
CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8
VMScore: 355
Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N
Subscribe to Enthrallweb

Vulnerability Summary

myprofile.asp in Enthrallweb eNews does not properly validate the MM_recordId parameter during profile updates, which allows remote authenticated users to modify certain profile fields of another account by specifying that account's username in a modified MM_recordId parameter.

Vulnerable Product Search on Vulmon Subscribe to Product

enthrallweb enews

Exploits

Exploit DB: Enthrallweb eNews 1.0 - Remote User Pass Change
<form action="[target]/classifieds/myprofileasp" method="POST" name="form2"> User Id: <input type="text" name="MM_recordId" value="1"> <p> </p> <table align="center" cellpadding="1" cellspacing="1"> <tr valign="baseline"> ...

References

NVD-CWE-Otherhttp://secunia.com/advisories/23518http://www.securityfocus.com/bid/21739http://www.vupen.com/english/advisories/2006/5156https://www.exploit-db.com/exploits/2996https://nvd.nist.govhttps://www.exploit-db.com/exploits/2996/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22120CVE-2024-35921CVE-2024-35874brute forceCVE-2024-36080unprivilegedCVE-2024-35917IDORCVE-2024-4947
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook