CVE-2005-4853

Published: Dec 31, 2005Modified: Apr 16, 2026

9.4

Vector

AV:N/AC:L/Au:N/C:N/I:C/A:C

Exploitability: 10.0 / Impact: 9.2

Source: NVD

Description

The default configuration of the forum package in eZ publish 3.5 before 3.5.5, 3.6 before 3.6.2, 3.7 before 3.7.0rc2, and 3.8 before 20050818 does not restrict edit permissions to a posting's owner, which allows remote authenticated users to edit arbitrary postings.

Affected (5)

Products: Ez: Ez Publish

1 product

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Ez Ez Publish	Version 3.5.0
Ez Ez Publish	Version 3.5.1
Ez Ez Publish	Version 3.5.2
Ez Ez Publish	Version 3.5.3
Ez Ez Publish	Version 3.5.4

Related CWEs

References (4)

http://ez.no/download/ez_publish/changelogs/ez_publish_3_8/changelog_3_6_x_3_7_x_to_3_8_0

Source: cve@mitre.org

http://issues.ez.no/7052

Source: cve@mitre.org

http://ez.no/download/ez_publish/changelogs/ez_publish_3_8/changelog_3_6_x_3_7_x_to_3_8_0

Source: af854a3a-2127-422b-91ae-364da2661108

http://issues.ez.no/7052

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.