The tipafriend function in eZ publish before 3.8.9, and 3.9 before 3.9.3, does not limit access by anonymous users, which allows remote attackers to conduct spam attacks.
CPE | Name | Operator | Version |
---|---|---|---|
ez_publish | le | 3.8.8 | |
ez_publish | eq | 3.9.0 | |
ez_publish | eq | 3.9.2 | |
ez_publish | eq | 3.9.1 |