3 matches found
CVE-2013-7195
PHPFox 3.7.3 and 3.7.4 allows remote authenticated users to bypass intended "Only Me" restrictions and "like" a publication via a request that specifies the ID for the publication...
CVE-2013-7195
PHPFox 3.7.3 and 3.7.4 contain an authorization bypass that lets remote authenticated users bypass the privacy setting "Only Me" for publications by crafting requests (e.g., like or comment) that specify the publication ID. The flaw arises in how doLike/comment.add processes item_id and related f...
PHPFox access control security restriction bypass Vulnerability(CVE-2 0 1 3-7 1 9 5)-vulnerability warning-the black bar safety net
Affected system: PHPFox PHPFox Description: -------------------------------------------------------------------------------- BUGTRAQ ID: 6 6 6 7 2 CVECAN ID: CVE-2 0 1 3-7 1 9 5 PHPFox is a social network script. PHPFox 3.7.3, 3.7.4, 3.7.5 in the realization of the presence of security restrictio...