eZ publish 3.4.4 through 3.7 before 20050722 applies certain permissions on the node level, which allows remote authenticated users to bypass the original permissions on embedded objects in XML fields and read these objects.
References
Link | Resource |
---|---|
http://ez.no/download/ez_publish/changelogs/ez_publish_3_8/changelog_3_6_x_3_7_x_to_3_8_0 | Product |
http://issues.ez.no/6841 | Broken Link |
Configurations
History
No history.
Information
Published : 2005-12-31 05:00
Updated : 2024-02-28 10:42
NVD link : CVE-2005-4851
Mitre link : CVE-2005-4851
CVE.ORG link : CVE-2005-4851
JSON object : View
Products Affected
ez
- ez_publish
CWE
CWE-287
Improper Authentication