CVE-2013-7196 : static/ajax.php in PHPFox 3.7.3, 3.7.4, and 3.7.5 allows remote authenticated us

static/ajax.php in PHPFox 3.7.3, 3.7.4, and 3.7.5 allows remote authenticated users to bypass intended "Only Me" restrictions and comment on a private publication via a request with a modified val[item_id] parameter for the publication.

Published 2014-04-18 22:14:36

Updated 2018-10-09 19:35:04

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2013-7196

Phpfox » Phpfox » Version: 3.7.4
cpe:2.3:a:phpfox:phpfox:3.7.4:*:*:*:*:*:*:*
Matching versions
Phpfox » Phpfox » Version: 3.7.3
cpe:2.3:a:phpfox:phpfox:3.7.3:*:*:*:*:*:*:*
Matching versions
Phpfox » Phpfox » Version: 3.7.5
cpe:2.3:a:phpfox:phpfox:3.7.5:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2013-7196

EPSS FAQ

0.81%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 82 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2013-7196

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.5	MEDIUM	AV:N/AC:L/Au:S/C:P/I:P/A:N	8.0	4.9	NIST
Access Vector: Network Access Complexity: Low Authentication: Single Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: None

CWE ids for CVE-2013-7196

CWE-264

Assigned by: nvd@nist.gov (Primary)

References for CVE-2013-7196

http://www.securityfocus.com/bid/66677

PHPFox CVE-2013-7196 Access Control Security Bypass Vulnerability
http://www.securityfocus.com/archive/1/531745/100/0/threaded

SecurityFocus

CVEs referencing this url
https://exchange.xforce.ibmcloud.com/vulnerabilities/92336

PHPFox comments security bypass CVE-2013-7196 Vulnerability Report

Jump to

Vulnerability Details : CVE-2013-7196

Products affected by CVE-2013-7196

Exploit prediction scoring system (EPSS) score for CVE-2013-7196

CVSS scores for CVE-2013-7196

CWE ids for CVE-2013-7196

References for CVE-2013-7196