2 matches found
CVE-2013-7196
PHPFox 3.7.3–3.7.5 contains a flaw in static/ajax.php that allows remote authenticated users to bypass the "Only Me" privacy setting and post a comment on private publications by manipulating the val[item_id] parameter. The root cause is insufficient access control in AJAX comment/like handling, ...
CVE-2013-7196
creationtimestamp| type| source ---|---|--- 2014-04-05 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/39139...