Description
The vCard functions in Joomla! 1.0.5 use predictable sequential IDs for vcards and do not restrict access to them, which allows remote attackers to obtain valid e-mail addresses to conduct spam attacks by modifying the contact_id parameter to index2.php.
Remediation
References
Related Vulnerabilities
OpenSSL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-2178)
ownCloud Exposure of Resource to Wrong Sphere Vulnerability (CVE-2022-31649)
WordPress Plugin Timetable and Event Schedule by MotoPress Unspecified Vulnerability (2.4.3)
WebLogic CVE-2020-2547 Vulnerability (CVE-2020-2547)
Oracle Database Server CVE-2008-1814 Vulnerability (CVE-2008-1814)