CVE-2005-4855 — Unrestricted File Upload in Publish

CWE-2642 documents2 sources

Severity

3.5LOWNVD

EPSS

0.2%

top 58.12%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

EZ Publish

Timeline

PublishedDec 31

Latest updateMay 1

Description

Unrestricted file upload vulnerability in eZ publish 3.5 before 3.5.5, 3.6 before 3.6.2, 3.7 before 3.7.0rc2, and 3.8 before 20050922 does not restrict Image datatype uploads to image content types, which allows remote authenticated users to upload certain types of files, as demonstrated by .js files, which may enable cross-site scripting (XSS) attacks or other attacks.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 6.8 | Impact: 2.9

Affected Packages1 packages

▶NVDez/ez_publish3.5.0 — 3.5.5+3

🔴Vulnerability Details

GHSA

GHSA-q58x-g5cp-qvh7: Unrestricted file upload vulnerability in eZ publish 3↗2022-05-01

▶