1. Home
  2. CVE Database
  3. CVE-2006-6588
HIGH · 7.5

CVE-2006-6588

The forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) trusts the (1) dataResourceTypeId, (2) contentTypeId, and certain other hidden form fields, which al...

Vulnerability Description

The forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) trusts the (1) dataResourceTypeId, (2) contentTypeId, and certain other hidden form fields, which allows remote attackers to create unauthorized types of content, modify content, or have other unknown impact.

CVSS Score

7.5

HIGH

AV:N/AC:L/Au:N/C:P/I:P/A:P
Confidentiality
PARTIAL
Integrity
PARTIAL
Availability
PARTIAL

Affected Products

VendorProductVersions
ApacheOfbizAll versions

References

FAQ

What is CVE-2006-6588?

CVE-2006-6588 is a vulnerability with a CVSS score of 7.5 (HIGH). The forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) trusts the (1) dataResourceTypeId, (2) contentTypeId, and certain other hidden form fields, which al...

How severe is CVE-2006-6588?

CVE-2006-6588 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2006-6588?

Check the references section above for vendor advisories and patch information. Affected products include: Apache Ofbiz.