Vulnerabilities > Phpfox > Phpfox > 3.7.3

DATE CVE VULNERABILITY TITLE RISK
2023-11-03 CVE-2023-46817 Deserialization of Untrusted Data vulnerability in PHPfox
An issue was discovered in phpFox before 4.8.14.
network
low complexity
phpfox CWE-502
critical
 9.8
9.8
2014-04-18 CVE-2013-7196 Permissions, Privileges, and Access Controls vulnerability in PHPfox 3.7.3/3.7.4/3.7.5
static/ajax.php in PHPFox 3.7.3, 3.7.4, and 3.7.5 allows remote authenticated users to bypass intended "Only Me" restrictions and comment on a private publication via a request with a modified val[item_id] parameter for the publication.
network
low complexity
phpfox CWE-264
5.5
5.5
2014-04-18 CVE-2013-7195 Permissions, Privileges, and Access Controls vulnerability in PHPfox 3.7.3/3.7.4
PHPFox 3.7.3 and 3.7.4 allows remote authenticated users to bypass intended "Only Me" restrictions and "like" a publication via a request that specifies the ID for the publication.
network
low complexity
phpfox CWE-264
5.5
5.5