CVE-2013-7196

Published: 18/04/2014 Updated: 09/10/2018
CVSS v2 Base Score: 5.5 | Impact Score: 4.9 | Exploitability Score: 8
VMScore: 555
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N

Vulnerability Summary

static/ajax.php in PHPFox 3.7.3, 3.7.4, and 3.7.5 allows remote authenticated users to bypass intended "Only Me" restrictions and comment on a private publication via a request with a modified val[item_id] parameter for the publication.

Vulnerable Product

phpfox phpfox 3.7.4

phpfox phpfox 3.7.5

phpfox phpfox 3.7.3

Exploits

source: www.securityfocus.com/bid/66677/info PHPFox is prone to a security-bypass vulnerability that may allow attackers to perform actions without proper authorization. Attackers can leverage this issue to bypass security restrictions and perform unauthorized actions; this may aid in launching further attacks. PHPFox 3.7.3, 3.7.4 and 37 ...

PHPFox versions 3.7.3, 3.7.4, and 3.7.5 suffer from an authorization bypass vulnerability ...

Github Repositories

POC

CVE I really love it!!! All these publications were my first, today I have a slightly different view of how I should have built this path, well, it's true that we have improved over time

CVE-2014-8469 PHPFOX XSS ADMINCP

CVE-2013-7196 Comment on a publication set to "Only Me"

CVE-2013-7195 Flag as "like" a publication set to "Only Me"

CVE-2013