CVE-2013-7196
PHPFox 3.7.3-3.7.5 - Authenticated Privacy Bypass via Modified val[item_id] Parameter
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2013-7196. PoCs published by Wesley Henrique.
AI-analyzed exploit summary: This exploit demonstrates an authorization bypass vulnerability in PHPFox by manipulating URL parameters to perform unauthorized actions, such as adding comments without proper authentication. The PoC includes specific parameters to bypass security restrictions.
Description
static/ajax.php in PHPFox 3.7.3, 3.7.4, and 3.7.5 allows remote authenticated users to bypass intended "Only Me" restrictions and comment on a private publication via a request with a modified val[item_id] parameter for the publication.