PT-2005-5514 · Ez Systems · Ez Publish

Published

2005-12-31

Updated

2015-07-28

CVE-2005-4853

CVSS v2.0

9.4

High

Vector

AV:N/AC:L/Au:N/C:N/I:C/A:C

Name of the Vulnerable Software and Affected Versions: eZ publish versions 3.5 through 3.5.4 eZ publish versions 3.6 through 3.6.1 eZ publish versions 3.7 through 3.7.0rc1 eZ publish versions 3.8 before 20050818

Description: The default configuration of the forum package does not restrict edit permissions to a posting's owner. This allows remote authenticated users to edit arbitrary postings.

Recommendations: For versions 3.5 through 3.5.4, update to version 3.5.5 or later. For versions 3.6 through 3.6.1, update to version 3.6.2 or later. For versions 3.7 through 3.7.0rc1, update to version 3.7.0rc2 or later. For versions 3.8 before 20050818, update to a version released on or after 20050818.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2005-4853

Affected Products

Ez Publish

PT-2005-5514 · Ez Systems · Ez Publish

CVE-2005-4853

Weakness Enumeration

Related Identifiers

Affected Products

References · 4