The forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) trusts the (1) dataResourceTypeId, (2) contentTypeId, and certain other hidden form fields, which allows remote attackers to create unauthorized types of content, modify content, or have other unknown impact.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://issues.apache.org/jira/browse/OFBIZ-178 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2006-12-15T19:00:00Z
Updated: 2024-09-16T19:41:40.430Z
Reserved: 2006-12-15T00:00:00Z
Link: CVE-2006-6588
Vulnrichment
No data.
NVD
Status : Modified
Published: 2006-12-15T19:28:00.000
Modified: 2024-11-21T00:23:03.030
Link: CVE-2006-6588
Redhat
No data.