CVE-2005-4853
Severity CVSS v4.0:
Pending analysis
Type:
CWE-264
Permissions, Privileges, and Access Control
Publication date:
31/12/2005
Last modified:
28/07/2015
Description
The default configuration of the forum package in eZ publish 3.5 before 3.5.5, 3.6 before 3.6.2, 3.7 before 3.7.0rc2, and 3.8 before 20050818 does not restrict edit permissions to a posting's owner, which allows remote authenticated users to edit arbitrary postings.
Impact
Base Score 2.0
9.40
Severity 2.0
HIGH
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:ez:ez_publish:3.5.0:*:*:*:*:*:*:* | ||
cpe:2.3:a:ez:ez_publish:3.5.1:*:*:*:*:*:*:* | ||
cpe:2.3:a:ez:ez_publish:3.5.2:*:*:*:*:*:*:* | ||
cpe:2.3:a:ez:ez_publish:3.5.3:*:*:*:*:*:*:* | ||
cpe:2.3:a:ez:ez_publish:3.5.4:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page