CVE-2007-4494

Published: Aug 23, 2007Modified: Apr 23, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

The tipafriend function in eZ publish before 3.8.9, and 3.9 before 3.9.3, does not limit access by anonymous users, which allows remote attackers to conduct spam attacks.

Affected (4)

Products: Ez: Ez Publish

1 product

Ez Publish

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Ez Ez Publish	Up to 3.8.8
Ez Ez Publish	Version 3.9.0
Ez Ez Publish	Version 3.9.1
Ez Ez Publish	Version 3.9.2

References (12)

http://ez.no/community/news/ez_publish_security_fixes_3_9_3_and_3_8_9

Source: cve@mitre.org

http://ez.no/download/ez_publish/changelogs/ez_publish_3_8/changelog_3_8_8_to_3_8_9

Source: cve@mitre.org

http://ez.no/download/ez_publish/changelogs/ez_publish_3_9/changelog_3_9_2_to_3_9_3

Source: cve@mitre.org

Patch

http://osvdb.org/40325

Source: cve@mitre.org

http://secunia.com/advisories/26686

Source: cve@mitre.org

http://www.securityfocus.com/bid/25538

Source: cve@mitre.org

http://ez.no/community/news/ez_publish_security_fixes_3_9_3_and_3_8_9