Vulnerabilities > Enthrallweb > Enews
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-12-29 | CVE-2006-6821 | Products Myprofile.ASP Arbitrary User Password Change vulnerability in EnthrallWeb myprofile.asp in Enthrallweb eNews does not properly validate the MM_recordId parameter during profile updates, which allows remote authenticated users to modify certain profile fields of another account by specifying that account's username in a modified MM_recordId parameter. network enthrallweb | 3.5 |