Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2013-7195

Overview

Vulnerability Score 5.5 5.5
CVE Id CVE-2013-7195
Last Modified 21 Apr 2014 11:38:05
Published 18 Apr 2014 06:14:35
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2013-7195

Summary

PHPFox 3.7.3 and 3.7.4 allows remote authenticated users to bypass intended "Only Me" restrictions and "like" a publication via a request that specifies the ID for the publication.

Vulnerable Systems

Application

  • Phpfox 3.7.3

  • Phpfox 3.7.4


References

XF - phpfox-cve20137195-sec-bypass(92335)

BID - 66672

BUGTRAQ - 20140405 Vulnerability in PHPFox v3.7.3, v3.7.4 and v3.7.5 all build [ CVE-2013-7195, CVE-2013-7196 ]


Last Updated: 27 May 2016 10:50:03