PT-2005-5514 · Ez Systems · Ez Publish
Publicado
2005-12-31
·
Atualizado
2015-07-28
·
CVE-2005-4853
CVSS v2.0
9.4
Alta
| Vetor | AV:N/AC:L/Au:N/C:N/I:C/A:C |
Name of the Vulnerable Software and Affected Versions:
eZ publish versions 3.5 through 3.5.4
eZ publish versions 3.6 through 3.6.1
eZ publish versions 3.7 through 3.7.0rc1
eZ publish versions 3.8 before 20050818
Description:
The default configuration of the forum package does not restrict edit permissions to a posting's owner. This allows remote authenticated users to edit arbitrary postings.
Recommendations:
For versions 3.5 through 3.5.4, update to version 3.5.5 or later.
For versions 3.6 through 3.6.1, update to version 3.6.2 or later.
For versions 3.7 through 3.7.0rc1, update to version 3.7.0rc2 or later.
For versions 3.8 before 20050818, update to a version released on or after 20050818.
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Ez Publish