PT-2005-5512 · Ez Systems · Ez Publish
Publicado
2005-12-31
·
Atualizado
2019-07-31
·
CVE-2005-4851
CVSS v2.0
4.0
Média
| Vetor | AV:N/AC:L/Au:S/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions:
eZ publish versions 3.4.4 through 3.7 before 20050722
Description:
The issue allows remote authenticated users to bypass original permissions on embedded objects in XML fields and read these objects, due to certain permissions being applied on the node level.
Recommendations:
For versions 3.4.4 through 3.7 before 20050722, update to a version released after 20050722 to resolve the issue.
Correção
Improper Authentication
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Ez Publish