PHPFox 3.7.3 and 3.7.4 allows remote authenticated users to bypass intended "Only Me" restrictions and "like" a publication via a request that specifies the ID for the publication.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
phpfox phpfox 3.7.4 |
||
phpfox phpfox 3.7.3 |