PT-2008-2321 · Magnolia · Magnolia Ce
Published
2008-02-12
·
Updated
2008-12-17
·
CVE-2008-0701
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Magnolia CE versions 3.5.x through 3.5.3
Description
The issue concerns the ActivationHandler in Magnolia CE, which fails to check permissions during the import process. This allows remote attackers to potentially add arbitrary new content by activating a new item, although the full impact is not specified.
Recommendations
For Magnolia CE versions 3.5.x through 3.5.3, update to version 3.5.4 or later to resolve the issue.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Magnolia Ce