Vulnerability CVE-2006-6588


Published: 2006-12-15   Modified: 2012-02-12

Description:
The forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) trusts the (1) dataResourceTypeId, (2) contentTypeId, and certain other hidden form fields, which allows remote attackers to create unauthorized types of content, modify content, or have other unknown impact.

Type:

CWE-Other

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Apache -> Open for business project 
Apache -> Ofbiz 

 References:
https://issues.apache.org/jira/browse/OFBIZ-178

Copyright 2021, cxsecurity.com

 

Back to Top