Description

The vCard functions in Joomla! 1.0.5 use predictable sequential IDs for vcards and do not restrict access to them, which allows remote attackers to obtain valid e-mail addresses to conduct spam attacks by modifying the contact_id parameter to index2.php.

Remediation

References

CVE-2006-0114

Related Vulnerabilities

WordPress Plugin SpiderCatalog Unspecified Vulnerability (1.6.8)

WordPress Plugin Processing Embed 'pluginurl' Parameter Cross-Site Scripting (0.5)

WordPress Plugin Mingle Forum 'edit_post_id' Parameter SQL Injection (1.0.31)

phpMyAdmin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2007-5589)

WordPress Plugin Tutor LMS-eLearning and online course solution Cross-Site Scripting (1.9.1)

Severity

Medium

Classification

CVE-2006-0114 CWE-264

Tags

Missing Update Known Vulnerabilities