CVE-2005-4856

Published: Dec 31, 2005Modified: Apr 16, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

The admin interface in eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051110 does not properly handle authorization errors, which allows remote attackers to obtain sensitive information and see the admin pagelayout and associated templates via a request with (1) "anything after the url" or (2) a "wrong url".

Affected (16)

Products: Ez: Ez Publish

1 product

Ez Publish

Configuration A

16 vulnerable

Vulnerable Software	Affected Versions
Ez Ez Publish	Up to 3.8.0
Ez Ez Publish	Version 3.5.0
Ez Ez Publish	Version 3.5.1
Ez Ez Publish	Version 3.5.2
Ez Ez Publish	Version 3.5.3
Ez Ez Publish	Version 3.5.4
Ez Ez Publish	Version 3.5.5
Ez Ez Publish	Version 3.5.6
Ez Ez Publish	Version 3.6.0
Ez Ez Publish	Version 3.6.1
Ez Ez Publish	Version 3.6.2
Ez Ez Publish	Version 3.6.3
Ez Ez Publish	Version 3.6.4
Ez Ez Publish	Version 3.7.0
Ez Ez Publish	Version 3.7.1
Ez Ez Publish	Version 3.7.2

Related CWEs

CWE-19

References (4)

http://ez.no/download/ez_publish/changelogs/ez_publish_3_8/changelog_3_6_x_3_7_x_to_3_8_0

Source: cve@mitre.org

http://issues.ez.no/6703

Source: cve@mitre.org

http://ez.no/download/ez_publish/changelogs/ez_publish_3_8/changelog_3_6_x_3_7_x_to_3_8_0

Source: af854a3a-2127-422b-91ae-364da2661108

http://issues.ez.no/6703

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.