CVE-2006-6588
First published: Fri Dec 15 2006(Updated: )
The forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) trusts the (1) dataResourceTypeId, (2) contentTypeId, and certain other hidden form fields, which allows remote attackers to create unauthorized types of content, modify content, or have other unknown impact.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache OFBiz |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2006-6588?
CVE-2006-6588 is classified as a high severity vulnerability due to its potential impact on the integrity of content management.
How do I fix CVE-2006-6588?
To fix CVE-2006-6588, ensure that the Apache OFBiz forum implementation does not trust user-controlled input for content type validation.
What are the potential impacts of CVE-2006-6588?
The potential impacts of CVE-2006-6588 include unauthorized creation and modification of content types, leading to possible data integrity issues.
Which versions of Apache OFBiz are affected by CVE-2006-6588?
CVE-2006-6588 affects all versions of Apache OFBiz prior to the specific patches addressing this vulnerability.
Who can exploit CVE-2006-6588?
CVE-2006-6588 can be exploited by remote attackers with access to the forum implementation in Apache OFBiz.
- collector/nvd-historical
- vendor/apache
- product/ofbiz
- canonical/apache ofbiz
- collector/nvd-index
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/tags
- agent/type
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/softwarecombine