CVE-2005-4850

2022-10-0316:22:44

mitre

www.cve.org

ez publish

permissions

vulnerability

remote attackers

data submission

6.8 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

52.9%

JSON

eZ publish 3.5 through 3.7 before 20050608 requires both edit and create permissions in order to submit data, which allows remote attackers to edit data submitted by arbitrary anonymous users.

References

ez.no/download/ez_publish/changelogs/ez_publish_3_8/changelog_3_6_x_3_7_x_to_3_8_0

issues.ez.no/6680