CVE-2013-7196

Published: 18/04/2014 Updated: 09/10/2018
CVSS v2 Base Score: 5.5 | Impact Score: 4.9 | Exploitability Score: 8
VMScore: 555
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N

Vulnerability Summary

static/ajax.php in PHPFox 3.7.3, 3.7.4, and 3.7.5 allows remote authenticated users to bypass intended "Only Me" restrictions and comment on a private publication via a request with a modified val[item_id] parameter for the publication.

Vulnerable Product

phpfox phpfox 3.7.4

phpfox phpfox 3.7.5

phpfox phpfox 3.7.3

Exploits

PHPFox version 3.7.3, 3.7.4, and 3.7.5 suffer from an authorization bypass vulnerability ...
source: www.securityfocus.com/bid/66677/info PHPFox is prone to a security-bypass vulnerability that may allow attackers to perform actions without proper authorization. Attackers can leverage this issue to bypass security restrictions and perform unauthorized actions; this may aid in launching further attacks. PHPFox 3.7.3, 3.7.4 and 3.7 ...

Github Repositories

POC

CVE I really love it!!! All these publications were my first; today I have a slightly different view of how I should have built this path. Well, it's true that we have improved over time. CVE-2014-8469 PHPFOX XSS ADMINCP, CVE-2013-7196 Comment on a publication set to "Only Me", CVE-2013-7195 Flag as "like" a publication set to "Only Me", CVE-2013