Lucene search

[email protected]CVE-2008-6844

HistoryJul 02, 2009 - 10:30 a.m.

CVE-2008-6844

2009-07-0210:30:00

CWE-264

[email protected]

web.nvd.nist.gov

ez publish

remote attack

privilege escalation

cve-2008-6844

security vulnerability

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.2 High

AI Score

Confidence

Low

0.066 Low

EPSS

Percentile

93.8%

JSON

The registration view (/user/register) in eZ Publish 3.5.6 and earlier, and possibly other versions before 3.9.5, 3.10.1, and 4.0.1, allows remote attackers to gain privileges as other users via modified ContentObjectAttribute_data_user_login_30, ContentObjectAttribute_data_user_password_30, and other parameters.

Affected configurations

NVD

Node

ezez_publishRange≤3.5.6

ezez_publishMatch3.4.8

ezez_publishMatch3.5.4

ezez_publishMatch3.5.5

ezez_publishMatch3.5.7

ezez_publishMatch3.5.8

ezez_publishMatch3.6.0

ezez_publishMatch3.6.1

ezez_publishMatch3.6.2

ezez_publishMatch3.6.3

ezez_publishMatch3.6.4

ezez_publishMatch3.6.5

ezez_publishMatch3.7.0

ezez_publishMatch3.7.1

ezez_publishMatch3.7.2

ezez_publishMatch3.7.3

ezez_publishMatch3.8.8

ezez_publishMatch3.8.9

ezez_publishMatch3.9.0

ezez_publishMatch3.9.1

ezez_publishMatch3.9.2

ezez_publishMatch3.9.4

ezez_publishMatch3.10

ezez_publishMatch4.0

CPENameOperatorVersion
ez:ez_publishez ez publishle3.5.6
ez:ez_publishez ez publisheq3.4.8
ez:ez_publishez ez publisheq3.5.4
ez:ez_publishez ez publisheq3.5.5
ez:ez_publishez ez publisheq3.5.7
ez:ez_publishez ez publisheq3.5.8
ez:ez_publishez ez publisheq3.6.0
ez:ez_publishez ez publisheq3.6.1
ez:ez_publishez ez publisheq3.6.2
ez:ez_publishez ez publisheq3.6.3

CPE	Name	Operator	Version
ez:ez_publish	ez ez publish	le	3.5.6
ez:ez_publish	ez ez publish	eq	3.4.8
ez:ez_publish	ez ez publish	eq	3.5.4
ez:ez_publish	ez ez publish	eq	3.5.5
ez:ez_publish	ez ez publish	eq	3.5.7
ez:ez_publish	ez ez publish	eq	3.5.8
ez:ez_publish	ez ez publish	eq	3.6.0
ez:ez_publish	ez ez publish	eq	3.6.1
ez:ez_publish	ez ez publish	eq	3.6.2
ez:ez_publish	ez ez publish	eq	3.6.3

Rows per page:

1-10 of 241

References

ez.no/developer/security/security_advisories/ez_publish_4_0/ezsa_2008_003_insufficient_form_handling_made_privilege_escalation_possible

www.osvdb.org/52708

www.securityfocus.com/bid/32762

exchange.xforce.ibmcloud.com/vulnerabilities/47216

www.exploit-db.com/exploits/7406

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.2 High

AI Score

Confidence

Low

0.066 Low

EPSS

Percentile

93.8%

JSON

Related for CVE-2008-6844

ubuntucve1 cvelist1 nvd1 prion1