PT-2009-2313 · eZ Systems · eZ Publish

S4Avrd0W

Published: 2009-07-02 · Updated: 2017-09-29 · CVE-2008-6844

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: eZ Publish versions 3.5.6 and earlier; eZ Publish versions prior to 3.9.5; eZ Publish versions prior to 3.10.1; eZ Publish versions prior to 4.0.1
Description: The issue allows remote attackers to gain privileges as other users via modified parameters in the registration view. The affected API endpoint is "/user/register". The vulnerable parameters include "ContentObjectAttribute_data_user_login_30" and "ContentObjectAttribute_data_user_password_30".
Recommendations: For versions 3.5.6 and earlier, update to a version later than 3.5.6. For versions prior to 3.9.5, update to version 3.9.5 or later. For versions prior to 3.10.1, update to version 3.10.1 or later. For versions prior to 4.0.1, update to version 4.0.1 or later.

Exploit

Fix

Weakness Enumeration

Related identifiers

CVE-2008-6844

Affected products

eZ Publish