CVE-2006-6820 - Products Myprofile.ASP Arbitrary User Password Change vulnerability in EnthrallWeb
Attack vector | NETWORK |
Attack complexity | MEDIUM |
Privileges required | SINGLE |
Confidentiality impact | NONE |
Integrity impact | PARTIAL |
Availability impact | NONE |
Summary
myprofile.asp in Enthrallweb eCoupons does not properly validate the MM_recordId parameter during profile updates, which allows remote authenticated users to modify certain profile fields of another account by specifying that account's username in a modified MM_recordId parameter.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Exploit-Db
description | Enthrallweb eCoupons 1.0(myprofile.asp) Remote Pass Change Exploit. CVE-2006-6820. Webapps exploit for asp platform |
file | exploits/asp/webapps/2995.html |
id | EDB-ID:2995 |
last seen | 2016-01-31 |
modified | 2006-12-23 |
platform | asp |
port | |
published | 2006-12-23 |
reporter | ajann |
source | https://www.exploit-db.com/download/2995/ |
title | Enthrallweb eCoupons 1.0 - myprofile.asp Remote Pass Change Exploit |
type | webapps |