CVE-2006-6588

The forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) trusts the (1) dataResourceTypeId, (2) contentTypeId, and certain other hidden form fields, which allows remote attackers to create unauthorized types of content, modify content, or have other unknown impact.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://issues.apache.org/jira/browse/OFBIZ-178	Exploit
https://issues.apache.org/jira/browse/OFBIZ-178	Exploit

Configurations

Configuration 1 (hide)

cpe:2.3:a:apache:ofbiz:*:*:*:*:*:*:*:*

History

21 Nov 2024, 00:23

Type	Values Removed	Values Added
References	~~() https://issues.apache.org/jira/browse/OFBIZ-178 - Exploit~~	() https://issues.apache.org/jira/browse/OFBIZ-178 - Exploit

Information

Published : 2006-12-15 19:28

Updated : 2025-04-09 00:30

NVD link : CVE-2006-6588

Mitre link : CVE-2006-6588

CVE.ORG link : CVE-2006-6588

JSON object : View

Products Affected

apache

ofbiz

CWE

NVD-CWE-Other

{"id": "CVE-2006-6588", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2006-12-15T19:28:00.000", "references": [{"url": "https://issues.apache.org/jira/browse/OFBIZ-178", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "https://issues.apache.org/jira/browse/OFBIZ-178", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "The forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) trusts the (1) dataResourceTypeId, (2) contentTypeId, and certain other hidden form fields, which allows remote attackers to create unauthorized types of content, modify content, or have other unknown impact."}, {"lang": "es", "value": "La implementaci\u00f3n de forum en el componente ecommerce en Apache Open For Business Project (OFBiz) confia en ( 1) dataResourceTypeId, (2) contentTypeId,y otros campos de la forma, permite a atacantes remotos crear tipos de contenido no autorizados, modifcar contenido, o tener otro tipo de impactos."}], "lastModified": "2025-04-09T00:30:58.490", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:ofbiz:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6147C66D-2914-457A-8E49-C7C9A85DE5DD"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}

7.5 /10