CVE-2006-7218

{"id": "CVE-2006-7218", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2007-07-06T19:30:00.000", "references": [{"url": "http://ez.no/download/ez_publish/changelogs/ez_publish_3_8/changelog_3_8_0_to_3_8_1", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://ez.no/download/ez_publish/changelogs/ez_publish_3_9/changelog_3_8_0_to_3_9_0", "source": "cve@mitre.org"}, {"url": "http://issues.ez.no/8539", "source": "cve@mitre.org"}, {"url": "http://ez.no/download/ez_publish/changelogs/ez_publish_3_8/changelog_3_8_0_to_3_8_1", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://ez.no/download/ez_publish/changelogs/ez_publish_3_9/changelog_3_8_0_to_3_9_0", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://issues.ez.no/8539", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "eZ publish before 3.8.1 does not properly enforce permissions for \"content edit Language\" when there are four or more languages, which allows remote authenticated users to perform translations into languages that are not listed in a Module Function Limitation policy."}, {"lang": "es", "value": "eZ publish versiones anteriores a 3.8.1 no hace cumplir los permisos apropiadamente para \"Idioma de edici\u00f3n de contenido\" cuando hay cuatro o m\u00e1s idiomas, lo cual permite a usuarios remotos autenticados realizar traducciones en idiomas que no se listan en una pol\u00edtica de Limitaci\u00f3n de M\u00f3dulo de Funci\u00f3n."}], "lastModified": "2024-11-21T00:24:39.853", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ez:ez_publish:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2CDE6E82-F846-4CB2-914B-2C823676D8C5", "versionEndIncluding": "3.8.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}