Vulnerabilities > CVE-2007-4494 - Unspecified vulnerability in EZ Publish
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
The tipafriend function in eZ publish before 3.8.9, and 3.9 before 3.9.3, does not limit access by anonymous users, which allows remote attackers to conduct spam attacks.
Vulnerable Configurations
References
- http://ez.no/community/news/ez_publish_security_fixes_3_9_3_and_3_8_9
- http://ez.no/community/news/ez_publish_security_fixes_3_9_3_and_3_8_9
- http://ez.no/download/ez_publish/changelogs/ez_publish_3_8/changelog_3_8_8_to_3_8_9
- http://ez.no/download/ez_publish/changelogs/ez_publish_3_8/changelog_3_8_8_to_3_8_9
- http://ez.no/download/ez_publish/changelogs/ez_publish_3_9/changelog_3_9_2_to_3_9_3
- http://ez.no/download/ez_publish/changelogs/ez_publish_3_9/changelog_3_9_2_to_3_9_3
- http://osvdb.org/40325
- http://osvdb.org/40325
- http://secunia.com/advisories/26686
- http://secunia.com/advisories/26686
- http://www.securityfocus.com/bid/25538
- http://www.securityfocus.com/bid/25538