CVE-2006-6588

2022-10-0316:21:21

mitre

www.cve.org

apache

ofbiz

ecommerce

remote attackers

unauthorized content

form fields

6.7 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

71.0%

JSON

The forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) trusts the (1) dataResourceTypeId, (2) contentTypeId, and certain other hidden form fields, which allows remote attackers to create unauthorized types of content, modify content, or have other unknown impact.

References

issues.apache.org/jira/browse/OFBIZ-178