CVE-2005-4853

Severity

94%

Complexity

99%

Confidentiality

153%

Vendor has fixed this vulnerability in an upgrade starting at 3.5.5: http://ez.no/download/ez_publish

The default configuration of the forum package in eZ publish 3.5 before 3.5.5, 3.6 before 3.6.2, 3.7 before 3.7.0rc2, and 3.8 before 20050818 does not restrict edit permissions to a posting's owner, which allows remote authenticated users to edit arbitrary postings.

Vendor has fixed this vulnerability in an upgrade starting at 3.5.5: http://ez.no/download/ez_publish

CVSS 2.0 Base Score 9.4. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:C/A:C).

Overview

Type

eZ Publish

First reported 19 years ago

2005-12-31 05:00:00

Last updated 9 years ago

2015-07-28 14:41:00

Affected Software

eZ Publish 3.5.0

3.5.0

eZ Publish 3.5.1

3.5.1

eZ Publish 3.5.2

3.5.2

eZ Publish 3.5.3

3.5.3

eZ Publish 3.5.4

3.5.4

References

http://ez.no/download/ez_publish/changelogs/ez_publish_3_8/changelog_3_6_x_3_7_x_to_3_8_0

http://issues.ez.no/7052

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.