PT-2006-1194 · Joomla · Joomla!
Published
2006-01-09
·
Updated
2017-07-20
·
CVE-2006-0114
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions:
Joomla! version 1.0.5
Description:
The issue concerns the vCard functions, which use predictable sequential IDs for vcards and do not restrict access to them. This allows remote attackers to obtain valid e-mail addresses by modifying the
contact id parameter to "index2.php" API endpoint, potentially leading to spam attacks.Recommendations:
For Joomla! version 1.0.5, restrict access to the vCard functions to prevent unauthorized access, and consider modifying the
contact id parameter handling in the "index2.php" API endpoint to prevent manipulation.Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Joomla!