CVE-2005-4853 — Publish vulnerability

CWE-2642 documents2 sources

Severity

9.4CRITICALNVD

EPSS

0.5%

top 33.87%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

EZ Publish

Timeline

PublishedDec 31

Latest updateMay 1

Description

The default configuration of the forum package in eZ publish 3.5 before 3.5.5, 3.6 before 3.6.2, 3.7 before 3.7.0rc2, and 3.8 before 20050818 does not restrict edit permissions to a posting's owner, which allows remote authenticated users to edit arbitrary postings.

CVSS vector

AV:N/AC:L/C:N/I:C/A:CExploitability: 10.0 | Impact: 9.2

Affected Packages1 packages

▶NVDez/ez_publish5 versions+4

🔴Vulnerability Details

GHSA

GHSA-jx74-m5hp-97vh: The default configuration of the forum package in eZ publish 3↗2022-05-01

▶