The forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) trusts the (1) dataResourceTypeId, (2) contentTypeId, and certain other hidden form fields, which allows remote attackers to create unauthorized types of content, modify content, or have other unknown impact.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-12-15T19:00:00Z

Updated: 2024-09-16T19:41:40.430Z

Reserved: 2006-12-15T00:00:00Z

Link: CVE-2006-6588

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2006-12-15T19:28:00.000

Modified: 2024-11-21T00:23:03.030

Link: CVE-2006-6588

cve-icon Redhat

No data.