The default configuration of the forum package in eZ publish 3.5 before 3.5.5, 3.6 before 3.6.2, 3.7 before 3.7.0rc2, and 3.8 before 20050818 does not restrict edit permissions to a posting's owner, which allows remote authenticated users to edit arbitrary postings.
References
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2005-12-31 05:00
Updated : 2024-02-28 10:42
NVD link : CVE-2005-4853
Mitre link : CVE-2005-4853
CVE.ORG link : CVE-2005-4853
JSON object : View
Products Affected
ez
- ez_publish
CWE
CWE-264
Permissions, Privileges, and Access Controls