CVE-2006-0114
Joomla! 1.0.5 - Unauthenticated Email Address Exposure via vCard Contact ID
Title source: llmDescription
The vCard functions in Joomla! 1.0.5 use predictable sequential IDs for vcards and do not restrict access to them, which allows remote attackers to obtain valid e-mail addresses to conduct spam attacks by modifying the contact_id parameter to index2.php.
References (7)
Core 7
Core References
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/18361
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/16185
Various Sources x_refsource_confirm
http://forge.joomla.org/sf/go/artf2950
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2006/0097
Various Sources x_refsource_misc
http://www.listerit.com/content/view/116/84/
Various Sources x_refsource_confirm
http://forum.joomla.org/index.php/topic%2C29031.0.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/24042
Scores
EPSS
0.0006
EPSS Percentile
18.4%
Details
CWE
CWE-264
Status
published
Products (1)
joomla/joomla
1.0.5
Published
Jan 09, 2006
Tracked Since
Feb 18, 2026