CVE-2006-6820

Enthrallweb eCoupons - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-6820. PoCs published by ajann.

AI-analyzed exploit summary: This HTML form exploits CVE-2006-6820 by submitting crafted input to 'myprofile.asp' to bypass authentication or manipulate user profiles. The PoC demonstrates how arbitrary user data can be modified without proper validation.

Description

myprofile.asp in Enthrallweb eCoupons does not properly validate the MM_recordId parameter during profile updates, which allows remote authenticated users to modify certain profile fields of another account by specifying that account's username in a modified MM_recordId parameter.

Exploits (1)

exploitdb · WORKING POC · VERIFIED
by ajann · html · webapps · asp
https://www.exploit-db.com/exploits/2995

Classification: Working PoC (90%)
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: Unknown web application (likely custom ASP-based system)
No auth needed
Prerequisites: Access to the target web application
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/5155
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/2995
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/23517
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/21739

Scores

EPSS 0.0166
EPSS Percentile 73.6%

Details

Status published
Products (1)
enthrallweb/ecoupons
Published Dec 29, 2006
Tracked Since Feb 18, 2026