Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2013-7196

Overview

Vulnerability Score 5.5 5.5
CVE Id CVE-2013-7196
Last Modified 21 Apr 2014 11:40:36
Published 18 Apr 2014 06:14:35
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2013-7196

Summary

static/ajax.php in PHPFox 3.7.3, 3.7.4, and 3.7.5 allows remote authenticated users to bypass intended "Only Me" restrictions and comment on a private publication via a request with a modified val[item_id] parameter for the publication.

Vulnerable Systems

Application

  • Phpfox 3.7.3

  • Phpfox 3.7.4

  • Phpfox 3.7.5


References

XF - phpfox-cve20137196-sec-bypass(92336)

BID - 66677

BUGTRAQ - 20140405 Vulnerability in PHPFox v3.7.3, v3.7.4 and v3.7.5 all build [ CVE-2013-7195, CVE-2013-7196 ]


Last Updated: 27 May 2016 11:05:02