Vulnerabilites related to phpfox - phpfox
Vulnerability from fkie_nvd
Published
2006-05-27 21:02
Modified
2025-04-03 01:03
Severity ?
Summary
phpFoX allows remote authenticated users to modify arbitrary accounts via a modified NATIO cookie value, possibly the phpfox_user parameter.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phpfox:phpfox:*:*:*:*:*:*:*:*",
"matchCriteriaId": "31C71D9F-2477-4570-AFE0-576BB41134FC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "phpFoX allows remote authenticated users to modify arbitrary accounts via a modified NATIO cookie value, possibly the phpfox_user parameter."
}
],
"id": "CVE-2006-2631",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-05-27T21:02:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20280"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/969"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/435001/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/435887/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/1994"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26697"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20280"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/969"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/435001/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/435887/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/1994"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26697"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-11-03 05:15
Modified
2024-11-21 08:29
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
An issue was discovered in phpFox before 4.8.14. The url request parameter passed to the /core/redirect route is not properly sanitized before being used in a call to the unserialize() PHP function. This can be exploited by remote, unauthenticated attackers to inject arbitrary PHP objects into the application scope, allowing them to perform a variety of attacks, such as executing arbitrary PHP code.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://seclists.org/fulldisclosure/2023/Oct/30 | Exploit, Mailing List, Third Party Advisory | |
| cve@mitre.org | https://docs.phpfox.com/display/FOX4MAN/phpFox+4.8.14 | Product | |
| cve@mitre.org | https://karmainsecurity.com/KIS-2023-12 | Third Party Advisory | |
| cve@mitre.org | https://karmainsecurity.com/pocs/CVE-2023-46817.php | Exploit, Third Party Advisory | |
| cve@mitre.org | https://www.phpfox.com/blog/ | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2023/Oct/30 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.phpfox.com/display/FOX4MAN/phpFox+4.8.14 | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | https://karmainsecurity.com/KIS-2023-12 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://karmainsecurity.com/pocs/CVE-2023-46817.php | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.phpfox.com/blog/ | Product |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phpfox:phpfox:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DFCFC958-00EA-4228-87A9-965E8BDD5983",
"versionEndExcluding": "4.8.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in phpFox before 4.8.14. The url request parameter passed to the /core/redirect route is not properly sanitized before being used in a call to the unserialize() PHP function. This can be exploited by remote, unauthenticated attackers to inject arbitrary PHP objects into the application scope, allowing them to perform a variety of attacks, such as executing arbitrary PHP code."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en phpFox antes de la versi\u00f3n 4.8.14. El par\u00e1metro de solicitud de URL pasado a la ruta /core/redirect no se sanitiza adecuadamente antes de usarse en una llamada a la funci\u00f3n PHP unserialize(). Esto puede ser aprovechado por atacantes remotos no autenticados para inyectar objetos PHP arbitrarios en el \u00e1mbito de la aplicaci\u00f3n, lo que les permite realizar una variedad de ataques, como ejecutar c\u00f3digo PHP arbitrario."
}
],
"id": "CVE-2023-46817",
"lastModified": "2024-11-21T08:29:22.147",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-11-03T05:15:30.867",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2023/Oct/30"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://docs.phpfox.com/display/FOX4MAN/phpFox+4.8.14"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://karmainsecurity.com/KIS-2023-12"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://karmainsecurity.com/pocs/CVE-2023-46817.php"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://www.phpfox.com/blog/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2023/Oct/30"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://docs.phpfox.com/display/FOX4MAN/phpFox+4.8.14"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://karmainsecurity.com/KIS-2023-12"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://karmainsecurity.com/pocs/CVE-2023-46817.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.phpfox.com/blog/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-502"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-502"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-08-14 15:55
Modified
2025-04-11 00:51
Severity ?
Summary
SQL injection vulnerability in PHPFox before 3.6.0 (build6) allows remote attackers to execute arbitrary SQL commands via the search[sort_by] parameter to user/browse/view_/.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phpfox:phpfox:3.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7433FB23-8016-4E2F-B958-C49D91F5A71C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in PHPFox before 3.6.0 (build6) allows remote attackers to execute arbitrary SQL commands via the search[sort_by] parameter to user/browse/view_/."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en PHPFox anterior a v3.6.0 (build4) permite a atacantes remotos ejecutar comandos SQL a trav\u00e9s del par\u00e1metro search[sort_by] en user/browse/view_/."
}
],
"id": "CVE-2013-5121",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-08-14T15:55:07.080",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0048.html"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/96028"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/27430"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/61660"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0048.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/96028"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/27430"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/61660"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-04-22 15:15
Modified
2025-04-22 16:06
Severity ?
Summary
A cross-site scripting (XSS) vulnerability in PHPFox v4.8.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the video description parameter.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://mohammedshine.github.io/vulnresearch.html | Third Party Advisory | |
| cve@mitre.org | https://v4.phpfox.com/ | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | https://mohammedshine.github.io/vulnresearch.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://v4.phpfox.com/ | Broken Link |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phpfox:phpfox:4.8.9:*:*:*:*:*:*:*",
"matchCriteriaId": "54282957-1915-4703-81EA-C13A766831B4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability in PHPFox v4.8.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the video description parameter."
},
{
"lang": "es",
"value": "Una vulnerabilidad de Cross Site Scripting (XSS) en PHPFox v4.8.9 permite a los atacantes ejecutar scripts web o HTML arbitrarios a trav\u00e9s de un payload manipulado inyectado en el par\u00e1metro de descripci\u00f3n del video."
}
],
"id": "CVE-2022-34561",
"lastModified": "2025-04-22T16:06:09.210",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-04-22T15:15:46.490",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://mohammedshine.github.io/vulnresearch.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "https://v4.phpfox.com/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://mohammedshine.github.io/vulnresearch.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://v4.phpfox.com/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-04-18 22:14
Modified
2025-04-12 10:46
Severity ?
Summary
PHPFox 3.7.3 and 3.7.4 allows remote authenticated users to bypass intended "Only Me" restrictions and "like" a publication via a request that specifies the ID for the publication.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phpfox:phpfox:3.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "80D6AF35-3383-4087-8B48-87E61E2419AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpfox:phpfox:3.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "97C10E33-E8D7-4828-A18A-DFC29B9C15EB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "PHPFox 3.7.3 and 3.7.4 allows remote authenticated users to bypass intended \"Only Me\" restrictions and \"like\" a publication via a request that specifies the ID for the publication."
},
{
"lang": "es",
"value": "PHPFox 3.7.3 y 3.7.4 permite a usuarios remotos autenticados evadir restricciones \"Only Me\" y \"like\" una publicaci\u00f3n a trav\u00e9s de una solicitud que especifica la ID para la publicaci\u00f3n."
}
],
"id": "CVE-2013-7195",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-04-18T22:14:35.637",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/531745/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/66672"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92335"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/531745/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/66672"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92335"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-04-18 22:14
Modified
2025-04-12 10:46
Severity ?
Summary
static/ajax.php in PHPFox 3.7.3, 3.7.4, and 3.7.5 allows remote authenticated users to bypass intended "Only Me" restrictions and comment on a private publication via a request with a modified val[item_id] parameter for the publication.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phpfox:phpfox:3.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "80D6AF35-3383-4087-8B48-87E61E2419AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpfox:phpfox:3.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "97C10E33-E8D7-4828-A18A-DFC29B9C15EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpfox:phpfox:3.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "ABCB504A-D72E-485E-8E25-33B81E04B367",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "static/ajax.php in PHPFox 3.7.3, 3.7.4, and 3.7.5 allows remote authenticated users to bypass intended \"Only Me\" restrictions and comment on a private publication via a request with a modified val[item_id] parameter for the publication."
},
{
"lang": "es",
"value": "static/ajax.php en PHPFox 3.7.3, 3.7.4 y 3.7.5 permite a usuarios remotos autenticados evadir restricciones \"Only Me\" y comentar sobre una publicaci\u00f3n privada a trav\u00e9s de una solicitud con un par\u00e1metro val[item_id] modificado para la publicaci\u00f3n."
}
],
"id": "CVE-2013-7196",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-04-18T22:14:35.683",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/531745/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/66677"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92336"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/531745/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/66677"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92336"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-08-14 15:55
Modified
2025-04-11 00:51
Severity ?
Summary
SQL injection vulnerability in PHPFox before 3.6.0 (build4) allows remote attackers to execute arbitrary SQL commands via the search[gender] parameter to user/browse/view_/.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phpfox:phpfox:3.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7433FB23-8016-4E2F-B958-C49D91F5A71C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in PHPFox before 3.6.0 (build4) allows remote attackers to execute arbitrary SQL commands via the search[gender] parameter to user/browse/view_/."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en PHPFox anterior a v3.6.0 (build4) permite a atacantes remotos ejecutar comandos SQL a trav\u00e9s del par\u00e1metro search[gender] en user/browse/view_/."
}
],
"id": "CVE-2013-5120",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-08-14T15:55:07.020",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0048.html"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/96028"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/27430"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/61660"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0048.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/96028"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/27430"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/61660"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-03-19 10:30
Modified
2025-04-09 00:30
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in account/settings/account/index.php in phpFoX 1.6.21 allows remote attackers to hijack the authentication of administrators for requests that change the email address via the act[update] action.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phpfox:phpfox:1.6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6455506A-DFD1-4918-98F7-578EF43B217C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in account/settings/account/index.php in phpFoX 1.6.21 allows remote attackers to hijack the authentication of administrators for requests that change the email address via the act[update] action."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en account/settings/account/ in phpFoX v1.6.21, permiten a atacantes remotos cambiar la direcci\u00f3n de correo electr\u00f3nico del administrador mediante la acci\u00f3n act[update]."
}
],
"id": "CVE-2009-0969",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-03-19T10:30:00.563",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/52770"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.org/0903-exploits/phpfox1621-xsrf.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34333"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49288"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/52770"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.org/0903-exploits/phpfox1621-xsrf.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34333"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49288"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-04-22 15:15
Modified
2025-04-22 16:05
Severity ?
Summary
A cross-site scripting (XSS) vulnerability in PHPFox v4.8.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the status box.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://mohammedshine.github.io/vulnresearch.html | Third Party Advisory | |
| cve@mitre.org | https://v4.phpfox.com/ | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | https://mohammedshine.github.io/vulnresearch.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://v4.phpfox.com/ | Broken Link |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phpfox:phpfox:4.8.9:*:*:*:*:*:*:*",
"matchCriteriaId": "54282957-1915-4703-81EA-C13A766831B4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability in PHPFox v4.8.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the status box."
},
{
"lang": "es",
"value": "Una vulnerabilidad de Cross Site Scripting (XSS) en PHPFox v4.8.9 permite a los atacantes ejecutar scripts web o HTML arbitrarios a trav\u00e9s de un payload manipulado inyectado en el cuadro de estado."
}
],
"id": "CVE-2022-34562",
"lastModified": "2025-04-22T16:05:32.070",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-04-22T15:15:46.540",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://mohammedshine.github.io/vulnresearch.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "https://v4.phpfox.com/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://mohammedshine.github.io/vulnresearch.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://v4.phpfox.com/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-04-22 15:15
Modified
2025-04-22 16:06
Severity ?
Summary
A cross-site scripting (XSS) vulnerability in PHPFox v4.8.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the History parameter.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://cwe.mitre.org/data/definitions/79.html | Not Applicable | |
| cve@mitre.org | https://mohammedshine.github.io/vulnresearch.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cwe.mitre.org/data/definitions/79.html | Not Applicable | |
| af854a3a-2127-422b-91ae-364da2661108 | https://mohammedshine.github.io/vulnresearch.html | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phpfox:phpfox:4.8.9:*:*:*:*:*:*:*",
"matchCriteriaId": "54282957-1915-4703-81EA-C13A766831B4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability in PHPFox v4.8.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the History parameter."
},
{
"lang": "es",
"value": "Una vulnerabilidad de Cross Site Scripting (XSS) en PHPFox v4.8.9 permite a los atacantes ejecutar scripts web o HTML arbitrarios a trav\u00e9s de un payload manipulado inyectado en el par\u00e1metro Historial."
}
],
"id": "CVE-2022-34560",
"lastModified": "2025-04-22T16:06:20.357",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-04-22T15:15:46.420",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
],
"url": "https://cwe.mitre.org/data/definitions/79.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://mohammedshine.github.io/vulnresearch.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "https://cwe.mitre.org/data/definitions/79.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://mohammedshine.github.io/vulnresearch.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
CVE-2006-2631 (GCVE-0-2006-2631)
Vulnerability from cvelistv5
Published
2006-05-27 21:00
Modified
2024-08-07 17:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
phpFoX allows remote authenticated users to modify arbitrary accounts via a modified NATIO cookie value, possibly the phpfox_user parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/26697 | vdb-entry, x_refsource_XF | |
| http://www.vupen.com/english/advisories/2006/1994 | vdb-entry, x_refsource_VUPEN | |
| http://www.securityfocus.com/archive/1/435887/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://secunia.com/advisories/20280 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/archive/1/435001/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://securityreason.com/securityalert/969 | third-party-advisory, x_refsource_SREASON |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:58:51.069Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "phpfox-cookie-security-bypass(26697)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26697"
},
{
"name": "ADV-2006-1994",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1994"
},
{
"name": "20060601 Re: phpFoX All Version Login Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/435887/100/0/threaded"
},
{
"name": "20280",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20280"
},
{
"name": "20060523 phpFoX All Version Login Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/435001/100/0/threaded"
},
{
"name": "969",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/969"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-05-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "phpFoX allows remote authenticated users to modify arbitrary accounts via a modified NATIO cookie value, possibly the phpfox_user parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "phpfox-cookie-security-bypass(26697)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26697"
},
{
"name": "ADV-2006-1994",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1994"
},
{
"name": "20060601 Re: phpFoX All Version Login Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/435887/100/0/threaded"
},
{
"name": "20280",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20280"
},
{
"name": "20060523 phpFoX All Version Login Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/435001/100/0/threaded"
},
{
"name": "969",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/969"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2631",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "phpFoX allows remote authenticated users to modify arbitrary accounts via a modified NATIO cookie value, possibly the phpfox_user parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "phpfox-cookie-security-bypass(26697)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26697"
},
{
"name": "ADV-2006-1994",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1994"
},
{
"name": "20060601 Re: phpFoX All Version Login Exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/435887/100/0/threaded"
},
{
"name": "20280",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20280"
},
{
"name": "20060523 phpFoX All Version Login Exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/435001/100/0/threaded"
},
{
"name": "969",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/969"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-2631",
"datePublished": "2006-05-27T21:00:00",
"dateReserved": "2006-05-27T00:00:00",
"dateUpdated": "2024-08-07T17:58:51.069Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-46817 (GCVE-0-2023-46817)
Vulnerability from cvelistv5
Published
2023-11-03 00:00
Modified
2024-09-06 13:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in phpFox before 4.8.14. The url request parameter passed to the /core/redirect route is not properly sanitized before being used in a call to the unserialize() PHP function. This can be exploited by remote, unauthenticated attackers to inject arbitrary PHP objects into the application scope, allowing them to perform a variety of attacks, such as executing arbitrary PHP code.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:53:21.761Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.phpfox.com/blog/"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Oct/30"
},
{
"tags": [
"x_transferred"
],
"url": "https://karmainsecurity.com/pocs/CVE-2023-46817.php"
},
{
"tags": [
"x_transferred"
],
"url": "https://karmainsecurity.com/KIS-2023-12"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.phpfox.com/display/FOX4MAN/phpFox+4.8.14"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-46817",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-06T13:48:02.933660Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T13:48:48.784Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in phpFox before 4.8.14. The url request parameter passed to the /core/redirect route is not properly sanitized before being used in a call to the unserialize() PHP function. This can be exploited by remote, unauthenticated attackers to inject arbitrary PHP objects into the application scope, allowing them to perform a variety of attacks, such as executing arbitrary PHP code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-03T04:44:07.604450",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.phpfox.com/blog/"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Oct/30"
},
{
"url": "https://karmainsecurity.com/pocs/CVE-2023-46817.php"
},
{
"url": "https://karmainsecurity.com/KIS-2023-12"
},
{
"url": "https://docs.phpfox.com/display/FOX4MAN/phpFox+4.8.14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-46817",
"datePublished": "2023-11-03T00:00:00",
"dateReserved": "2023-10-27T00:00:00",
"dateUpdated": "2024-09-06T13:48:48.784Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-5121 (GCVE-0-2013-5121)
Vulnerability from cvelistv5
Published
2013-08-14 15:00
Modified
2024-09-16 19:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
SQL injection vulnerability in PHPFox before 3.6.0 (build6) allows remote attackers to execute arbitrary SQL commands via the search[sort_by] parameter to user/browse/view_/.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/61660 | vdb-entry, x_refsource_BID | |
| http://osvdb.org/96028 | vdb-entry, x_refsource_OSVDB | |
| http://www.exploit-db.com/exploits/27430 | exploit, x_refsource_EXPLOIT-DB | |
| http://archives.neohapsis.com/archives/bugtraq/2013-08/0048.html | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:06:50.985Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "61660",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/61660"
},
{
"name": "96028",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/96028"
},
{
"name": "27430",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/27430"
},
{
"name": "20130807 PHPFox v3.6.0 (build3) Multiple SQL Injection vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0048.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in PHPFox before 3.6.0 (build6) allows remote attackers to execute arbitrary SQL commands via the search[sort_by] parameter to user/browse/view_/."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-08-14T15:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "61660",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/61660"
},
{
"name": "96028",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/96028"
},
{
"name": "27430",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/27430"
},
{
"name": "20130807 PHPFox v3.6.0 (build3) Multiple SQL Injection vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0048.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-5121",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in PHPFox before 3.6.0 (build6) allows remote attackers to execute arbitrary SQL commands via the search[sort_by] parameter to user/browse/view_/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "61660",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/61660"
},
{
"name": "96028",
"refsource": "OSVDB",
"url": "http://osvdb.org/96028"
},
{
"name": "27430",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/27430"
},
{
"name": "20130807 PHPFox v3.6.0 (build3) Multiple SQL Injection vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0048.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-5121",
"datePublished": "2013-08-14T15:00:00Z",
"dateReserved": "2013-08-14T00:00:00Z",
"dateUpdated": "2024-09-16T19:41:23.695Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-34560 (GCVE-0-2022-34560)
Vulnerability from cvelistv5
Published
2024-04-22 00:00
Modified
2024-10-27 14:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
A cross-site scripting (XSS) vulnerability in PHPFox v4.8.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the History parameter.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-34560",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-23T13:14:48.415670Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-27T14:44:50.507Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:15:15.155Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cwe.mitre.org/data/definitions/79.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://mohammedshine.github.io/vulnresearch.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability in PHPFox v4.8.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the History parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-22T14:24:23.436791",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://cwe.mitre.org/data/definitions/79.html"
},
{
"url": "https://mohammedshine.github.io/vulnresearch.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-34560",
"datePublished": "2024-04-22T00:00:00",
"dateReserved": "2022-06-26T00:00:00",
"dateUpdated": "2024-10-27T14:44:50.507Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-5120 (GCVE-0-2013-5120)
Vulnerability from cvelistv5
Published
2013-08-14 15:00
Modified
2024-09-16 16:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
SQL injection vulnerability in PHPFox before 3.6.0 (build4) allows remote attackers to execute arbitrary SQL commands via the search[gender] parameter to user/browse/view_/.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/61660 | vdb-entry, x_refsource_BID | |
| http://osvdb.org/96028 | vdb-entry, x_refsource_OSVDB | |
| http://www.exploit-db.com/exploits/27430 | exploit, x_refsource_EXPLOIT-DB | |
| http://archives.neohapsis.com/archives/bugtraq/2013-08/0048.html | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:06:50.920Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "61660",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/61660"
},
{
"name": "96028",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/96028"
},
{
"name": "27430",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/27430"
},
{
"name": "20130807 PHPFox v3.6.0 (build3) Multiple SQL Injection vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0048.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in PHPFox before 3.6.0 (build4) allows remote attackers to execute arbitrary SQL commands via the search[gender] parameter to user/browse/view_/."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-08-14T15:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "61660",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/61660"
},
{
"name": "96028",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/96028"
},
{
"name": "27430",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/27430"
},
{
"name": "20130807 PHPFox v3.6.0 (build3) Multiple SQL Injection vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0048.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-5120",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in PHPFox before 3.6.0 (build4) allows remote attackers to execute arbitrary SQL commands via the search[gender] parameter to user/browse/view_/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "61660",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/61660"
},
{
"name": "96028",
"refsource": "OSVDB",
"url": "http://osvdb.org/96028"
},
{
"name": "27430",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/27430"
},
{
"name": "20130807 PHPFox v3.6.0 (build3) Multiple SQL Injection vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0048.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-5120",
"datePublished": "2013-08-14T15:00:00Z",
"dateReserved": "2013-08-14T00:00:00Z",
"dateUpdated": "2024-09-16T16:13:49.602Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-0969 (GCVE-0-2009-0969)
Vulnerability from cvelistv5
Published
2009-03-19 10:00
Modified
2024-08-07 04:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site request forgery (CSRF) vulnerability in account/settings/account/index.php in phpFoX 1.6.21 allows remote attackers to hijack the authentication of administrators for requests that change the email address via the act[update] action.
References
| ▼ | URL | Tags |
|---|---|---|
| http://osvdb.org/52770 | vdb-entry, x_refsource_OSVDB | |
| http://packetstormsecurity.org/0903-exploits/phpfox1621-xsrf.txt | x_refsource_MISC | |
| http://secunia.com/advisories/34333 | third-party-advisory, x_refsource_SECUNIA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/49288 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:57:17.072Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "52770",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/52770"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.org/0903-exploits/phpfox1621-xsrf.txt"
},
{
"name": "34333",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34333"
},
{
"name": "phpfox-email-account-csrf(49288)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49288"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-03-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in account/settings/account/index.php in phpFoX 1.6.21 allows remote attackers to hijack the authentication of administrators for requests that change the email address via the act[update] action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "52770",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/52770"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.org/0903-exploits/phpfox1621-xsrf.txt"
},
{
"name": "34333",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34333"
},
{
"name": "phpfox-email-account-csrf(49288)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49288"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0969",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in account/settings/account/index.php in phpFoX 1.6.21 allows remote attackers to hijack the authentication of administrators for requests that change the email address via the act[update] action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "52770",
"refsource": "OSVDB",
"url": "http://osvdb.org/52770"
},
{
"name": "http://packetstormsecurity.org/0903-exploits/phpfox1621-xsrf.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/0903-exploits/phpfox1621-xsrf.txt"
},
{
"name": "34333",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34333"
},
{
"name": "phpfox-email-account-csrf(49288)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49288"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-0969",
"datePublished": "2009-03-19T10:00:00",
"dateReserved": "2009-03-18T00:00:00",
"dateUpdated": "2024-08-07T04:57:17.072Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-34561 (GCVE-0-2022-34561)
Vulnerability from cvelistv5
Published
2024-04-22 00:00
Modified
2024-08-03 09:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
A cross-site scripting (XSS) vulnerability in PHPFox v4.8.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the video description parameter.
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:phpfox:phpfox:4.8.9:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "phpfox",
"vendor": "phpfox",
"versions": [
{
"status": "affected",
"version": "4.8.9"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-34561",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-23T14:55:12.296764Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-05T19:15:47.357Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:15:15.261Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://v4.phpfox.com/"
},
{
"tags": [
"x_transferred"
],
"url": "https://mohammedshine.github.io/vulnresearch.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability in PHPFox v4.8.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the video description parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-22T14:24:24.687880",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://v4.phpfox.com/"
},
{
"url": "https://mohammedshine.github.io/vulnresearch.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-34561",
"datePublished": "2024-04-22T00:00:00",
"dateReserved": "2022-06-26T00:00:00",
"dateUpdated": "2024-08-03T09:15:15.261Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-7195 (GCVE-0-2013-7195)
Vulnerability from cvelistv5
Published
2014-04-18 19:00
Modified
2024-08-06 18:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
PHPFox 3.7.3 and 3.7.4 allows remote authenticated users to bypass intended "Only Me" restrictions and "like" a publication via a request that specifies the ID for the publication.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/66672 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/92335 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/archive/1/531745/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:01:19.763Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "66672",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/66672"
},
{
"name": "phpfox-cve20137195-sec-bypass(92335)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92335"
},
{
"name": "20140405 Vulnerability in PHPFox v3.7.3, v3.7.4 and v3.7.5 all build [ CVE-2013-7195, CVE-2013-7196 ]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/531745/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-04-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "PHPFox 3.7.3 and 3.7.4 allows remote authenticated users to bypass intended \"Only Me\" restrictions and \"like\" a publication via a request that specifies the ID for the publication."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "66672",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/66672"
},
{
"name": "phpfox-cve20137195-sec-bypass(92335)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92335"
},
{
"name": "20140405 Vulnerability in PHPFox v3.7.3, v3.7.4 and v3.7.5 all build [ CVE-2013-7195, CVE-2013-7196 ]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/531745/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-7195",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHPFox 3.7.3 and 3.7.4 allows remote authenticated users to bypass intended \"Only Me\" restrictions and \"like\" a publication via a request that specifies the ID for the publication."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "66672",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/66672"
},
{
"name": "phpfox-cve20137195-sec-bypass(92335)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92335"
},
{
"name": "20140405 Vulnerability in PHPFox v3.7.3, v3.7.4 and v3.7.5 all build [ CVE-2013-7195, CVE-2013-7196 ]",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/531745/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-7195",
"datePublished": "2014-04-18T19:00:00",
"dateReserved": "2013-12-21T00:00:00",
"dateUpdated": "2024-08-06T18:01:19.763Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-7196 (GCVE-0-2013-7196)
Vulnerability from cvelistv5
Published
2014-04-18 19:00
Modified
2024-08-06 18:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
static/ajax.php in PHPFox 3.7.3, 3.7.4, and 3.7.5 allows remote authenticated users to bypass intended "Only Me" restrictions and comment on a private publication via a request with a modified val[item_id] parameter for the publication.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/92336 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/66677 | vdb-entry, x_refsource_BID | |
| http://www.securityfocus.com/archive/1/531745/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:01:20.093Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "phpfox-cve20137196-sec-bypass(92336)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92336"
},
{
"name": "66677",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/66677"
},
{
"name": "20140405 Vulnerability in PHPFox v3.7.3, v3.7.4 and v3.7.5 all build [ CVE-2013-7195, CVE-2013-7196 ]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/531745/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-04-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "static/ajax.php in PHPFox 3.7.3, 3.7.4, and 3.7.5 allows remote authenticated users to bypass intended \"Only Me\" restrictions and comment on a private publication via a request with a modified val[item_id] parameter for the publication."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "phpfox-cve20137196-sec-bypass(92336)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92336"
},
{
"name": "66677",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/66677"
},
{
"name": "20140405 Vulnerability in PHPFox v3.7.3, v3.7.4 and v3.7.5 all build [ CVE-2013-7195, CVE-2013-7196 ]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/531745/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-7196",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "static/ajax.php in PHPFox 3.7.3, 3.7.4, and 3.7.5 allows remote authenticated users to bypass intended \"Only Me\" restrictions and comment on a private publication via a request with a modified val[item_id] parameter for the publication."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "phpfox-cve20137196-sec-bypass(92336)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92336"
},
{
"name": "66677",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/66677"
},
{
"name": "20140405 Vulnerability in PHPFox v3.7.3, v3.7.4 and v3.7.5 all build [ CVE-2013-7195, CVE-2013-7196 ]",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/531745/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-7196",
"datePublished": "2014-04-18T19:00:00",
"dateReserved": "2013-12-22T00:00:00",
"dateUpdated": "2024-08-06T18:01:20.093Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-34562 (GCVE-0-2022-34562)
Vulnerability from cvelistv5
Published
2024-04-22 00:00
Modified
2024-10-27 14:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
A cross-site scripting (XSS) vulnerability in PHPFox v4.8.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the status box.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-34562",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-23T13:14:39.384700Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-27T14:45:47.230Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:15:15.569Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://v4.phpfox.com/"
},
{
"tags": [
"x_transferred"
],
"url": "https://mohammedshine.github.io/vulnresearch.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability in PHPFox v4.8.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the status box."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-22T14:24:25.671645",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://v4.phpfox.com/"
},
{
"url": "https://mohammedshine.github.io/vulnresearch.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-34562",
"datePublished": "2024-04-22T00:00:00",
"dateReserved": "2022-06-26T00:00:00",
"dateUpdated": "2024-10-27T14:45:47.230Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}