CVE-2013-7196
static/ajax.php in PHPFox 3.7.3, 3.7.4, and 3.7.5 allows remote authenticated users to bypass intended "Only Me" restrictions and comment on a private publication via a request with a modified val[item_id] parameter for the publication.
Ver en NVDSeveridad
N/A
EPSS
Probabilidad de explotación (próx. 30 días): 0.0271 (2.7%)
Percentil: 86.0%
EPSS: 2026-05-06
Afecta
phpfox:phpfoxDescripción técnica
static/ajax.php in PHPFox 3.7.3, 3.7.4, and 3.7.5 allows remote authenticated users to bypass intended "Only Me" restrictions and comment on a private publication via a request with a modified val[item_id] parameter for the publication.
Publicada: 18/4/2014, 22:14:35
Última modificación: 6/5/2026, 22:30:45
Referencias
- http://www.securityfocus.com/archive/1/531745/100/0/threaded
- http://www.securityfocus.com/bid/66677
- https://exchange.xforce.ibmcloud.com/vulnerabilities/92336
- http://www.securityfocus.com/archive/1/531745/100/0/threaded
- http://www.securityfocus.com/bid/66677
- https://exchange.xforce.ibmcloud.com/vulnerabilities/92336