CVE-2005-4850

Published: Dec 31, 2005Modified: Apr 16, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

eZ publish 3.5 through 3.7 before 20050608 requires both edit and create permissions in order to submit data, which allows remote attackers to edit data submitted by arbitrary anonymous users.

Affected (1)

Products: Ez: Ez Publish

1 product

Ez Publish

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Ez Ez Publish	From 3.5.0 to 3.7

Related CWEs

CWE-264

References (4)

http://ez.no/download/ez_publish/changelogs/ez_publish_3_8/changelog_3_6_x_3_7_x_to_3_8_0

Source: cve@mitre.org

PatchVendor Advisory

http://issues.ez.no/6680

Source: cve@mitre.org

Broken Link

http://ez.no/download/ez_publish/changelogs/ez_publish_3_8/changelog_3_6_x_3_7_x_to_3_8_0

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://issues.ez.no/6680

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

Timeline

No history available yet.