Unrated severityNVD Advisory· Published Aug 23, 2007· Updated Apr 23, 2026

CVE-2007-4494

Description

The tipafriend function in eZ publish before 3.8.9, and 3.9 before 3.9.3, does not limit access by anonymous users, which allows remote attackers to conduct spam attacks.

Affected products

Ez/Ez Publish4 versions
cpe:2.3:a:ez:ez_publish:*:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:ez:ez_publish:*:*:*:*:*:*:*:*range: <=3.8.8
- cpe:2.3:a:ez:ez_publish:3.9.0:*:*:*:*:*:*:*
- cpe:2.3:a:ez:ez_publish:3.9.1:*:*:*:*:*:*:*
- cpe:2.3:a:ez:ez_publish:3.9.2:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

ez.no/download/ez_publish/changelogs/ez_publish_3_9/changelog_3_9_2_to_3_9_3nvdPatch
ez.no/community/news/ez_publish_security_fixes_3_9_3_and_3_8_9nvd
ez.no/download/ez_publish/changelogs/ez_publish_3_8/changelog_3_8_8_to_3_8_9nvd
osvdb.org/40325nvd
secunia.com/advisories/26686nvd
www.securityfocus.com/bid/25538nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000