Vulnerability Details CVE-2007-4494
The tipafriend function in eZ publish before 3.8.9, and 3.9 before 3.9.3, does not limit access by anonymous users, which allows remote attackers to conduct spam attacks.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.01
EPSS Ranking 76.2%
CVSS Severity
CVSS v2 Score 5.0
References
- http://ez.no/community/news/ez_publish_security_fixes_3_9_3_and_3_8_9
- http://ez.no/download/ez_publish/changelogs/ez_publish_3_8/changelog_3_8_8_to_3_8_9
- http://ez.no/download/ez_publish/changelogs/ez_publish_3_9/changelog_3_9_2_to_3_9_3
- http://osvdb.org/40325
- http://secunia.com/advisories/26686
- http://www.securityfocus.com/bid/25538
- http://ez.no/community/news/ez_publish_security_fixes_3_9_3_and_3_8_9
- http://ez.no/download/ez_publish/changelogs/ez_publish_3_8/changelog_3_8_8_to_3_8_9
- http://ez.no/download/ez_publish/changelogs/ez_publish_3_9/changelog_3_9_2_to_3_9_3
- http://osvdb.org/40325
- http://secunia.com/advisories/26686
- http://www.securityfocus.com/bid/25538
Products affected by CVE-2007-4494
-
cpe:2.3:a:ez:ez_publish:2.9-3
-
cpe:2.3:a:ez:ez_publish:2.9-4
-
cpe:2.3:a:ez:ez_publish:2.9-5
-
cpe:2.3:a:ez:ez_publish:2.9-6
-
cpe:2.3:a:ez:ez_publish:2.9-7
-
cpe:2.3:a:ez:ez_publish:3.0-1
-
cpe:2.3:a:ez:ez_publish:3.0-2
-
cpe:2.3:a:ez:ez_publish:3.1-1
-
cpe:2.3:a:ez:ez_publish:3.1.0-1
-
cpe:2.3:a:ez:ez_publish:3.1.0-2
-
cpe:2.3:a:ez:ez_publish:3.2-1
-
cpe:2.3:a:ez:ez_publish:3.2-2
-
cpe:2.3:a:ez:ez_publish:3.2-3
-
cpe:2.3:a:ez:ez_publish:3.2-4
-
cpe:2.3:a:ez:ez_publish:3.2-5
-
cpe:2.3:a:ez:ez_publish:3.2-6
-
cpe:2.3:a:ez:ez_publish:3.2.0-1
-
cpe:2.3:a:ez:ez_publish:3.2.0-2
-
cpe:2.3:a:ez:ez_publish:3.3-1
-
cpe:2.3:a:ez:ez_publish:3.3-2
-
cpe:2.3:a:ez:ez_publish:3.3-3
-
cpe:2.3:a:ez:ez_publish:3.3-4
-
cpe:2.3:a:ez:ez_publish:3.3-5
-
cpe:2.3:a:ez:ez_publish:3.3-6
-
cpe:2.3:a:ez:ez_publish:3.3-7
-
cpe:2.3:a:ez:ez_publish:3.3.0-1
-
cpe:2.3:a:ez:ez_publish:3.3.0-2
-
cpe:2.3:a:ez:ez_publish:3.4.0
-
cpe:2.3:a:ez:ez_publish:3.4.1
-
cpe:2.3:a:ez:ez_publish:3.4.2
-
cpe:2.3:a:ez:ez_publish:3.4.3
-
cpe:2.3:a:ez:ez_publish:3.4.4
-
cpe:2.3:a:ez:ez_publish:3.4.5
-
cpe:2.3:a:ez:ez_publish:3.4.6
-
cpe:2.3:a:ez:ez_publish:3.4.7
-
cpe:2.3:a:ez:ez_publish:3.4.8
-
cpe:2.3:a:ez:ez_publish:3.5.0
-
cpe:2.3:a:ez:ez_publish:3.5.1
-
cpe:2.3:a:ez:ez_publish:3.5.10
-
cpe:2.3:a:ez:ez_publish:3.5.11
-
cpe:2.3:a:ez:ez_publish:3.5.2
-
cpe:2.3:a:ez:ez_publish:3.5.3
-
cpe:2.3:a:ez:ez_publish:3.5.4
-
cpe:2.3:a:ez:ez_publish:3.5.5
-
cpe:2.3:a:ez:ez_publish:3.5.6
-
cpe:2.3:a:ez:ez_publish:3.5.7
-
cpe:2.3:a:ez:ez_publish:3.5.8
-
cpe:2.3:a:ez:ez_publish:3.5.9
-
cpe:2.3:a:ez:ez_publish:3.6.0
-
cpe:2.3:a:ez:ez_publish:3.6.1
-
cpe:2.3:a:ez:ez_publish:3.6.10
-
cpe:2.3:a:ez:ez_publish:3.6.11
-
cpe:2.3:a:ez:ez_publish:3.6.12
-
cpe:2.3:a:ez:ez_publish:3.6.2
-
cpe:2.3:a:ez:ez_publish:3.6.3
-
cpe:2.3:a:ez:ez_publish:3.6.4
-
cpe:2.3:a:ez:ez_publish:3.6.5
-
cpe:2.3:a:ez:ez_publish:3.6.6
-
cpe:2.3:a:ez:ez_publish:3.6.7
-
cpe:2.3:a:ez:ez_publish:3.6.8
-
cpe:2.3:a:ez:ez_publish:3.6.9
-
cpe:2.3:a:ez:ez_publish:3.7.0
-
cpe:2.3:a:ez:ez_publish:3.7.1
-
cpe:2.3:a:ez:ez_publish:3.7.10
-
cpe:2.3:a:ez:ez_publish:3.7.11
-
cpe:2.3:a:ez:ez_publish:3.7.12
-
cpe:2.3:a:ez:ez_publish:3.7.2
-
cpe:2.3:a:ez:ez_publish:3.7.3
-
cpe:2.3:a:ez:ez_publish:3.7.4
-
cpe:2.3:a:ez:ez_publish:3.7.5
-
cpe:2.3:a:ez:ez_publish:3.7.6
-
cpe:2.3:a:ez:ez_publish:3.7.7
-
cpe:2.3:a:ez:ez_publish:3.7.8
-
cpe:2.3:a:ez:ez_publish:3.7.9
-
cpe:2.3:a:ez:ez_publish:3.8.0
-
cpe:2.3:a:ez:ez_publish:3.8.1
-
cpe:2.3:a:ez:ez_publish:3.8.2
-
cpe:2.3:a:ez:ez_publish:3.8.3
-
cpe:2.3:a:ez:ez_publish:3.8.4
-
cpe:2.3:a:ez:ez_publish:3.8.5
-
cpe:2.3:a:ez:ez_publish:3.8.6
-
cpe:2.3:a:ez:ez_publish:3.8.7
-
cpe:2.3:a:ez:ez_publish:3.8.8
-
cpe:2.3:a:ez:ez_publish:3.9.0
-
cpe:2.3:a:ez:ez_publish:3.9.1
-
cpe:2.3:a:ez:ez_publish:3.9.2