Vulnerabilities > CVE-2006-6822 - Products Myprofile.ASP Arbitrary User Password Change vulnerability in EnthrallWeb
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
SINGLE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
myprofile.asp in Enthrallweb eClassifieds does not properly validate the MM_recordId parameter during profile updates, which allows remote authenticated users to modify certain profile fields of another account by specifying that account's username in a modified MM_recordId parameter.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
| description | Enthrallweb eClassifieds 1.0 Remote User Pass Change Exploit. CVE-2006-6822. Webapps exploit for asp platform |
| file | exploits/asp/webapps/2994.html |
| id | EDB-ID:2994 |
| last seen | 2016-01-31 |
| modified | 2006-12-23 |
| platform | asp |
| port | |
| published | 2006-12-23 |
| reporter | ajann |
| source | https://www.exploit-db.com/download/2994/ |
| title | Enthrallweb eClassifieds 1.0 - Remote User Pass Change Exploit |
| type | webapps |