Описание
The tipafriend function in eZ publish before 3.8.9, and 3.9 before 3.9.3, does not limit access by anonymous users, which allows remote attackers to conduct spam attacks.
The tipafriend function in eZ publish before 3.8.9, and 3.9 before 3.9.3, does not limit access by anonymous users, which allows remote attackers to conduct spam attacks.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2007-4494
- http://ez.no/community/news/ez_publish_security_fixes_3_9_3_and_3_8_9
- http://ez.no/download/ez_publish/changelogs/ez_publish_3_8/changelog_3_8_8_to_3_8_9
- http://ez.no/download/ez_publish/changelogs/ez_publish_3_9/changelog_3_9_2_to_3_9_3
- http://osvdb.org/40325
- http://secunia.com/advisories/26686
- http://www.securityfocus.com/bid/25538
EPSS
CVE ID
Связанные уязвимости
The tipafriend function in eZ publish before 3.8.9, and 3.9 before 3.9.3, does not limit access by anonymous users, which allows remote attackers to conduct spam attacks.
The tipafriend function in eZ publish before 3.8.9, and 3.9 before 3.9.3, does not limit access by anonymous users, which allows remote attackers to conduct spam attacks.
The tipafriend function in eZ publish before 3.8.9, and 3.9 before 3.9 ...
EPSS