CVE-2006-7218 — Publish vulnerability

CWE-2642 documents2 sources

Severity

4.0MEDIUMNVD

EPSS

0.2%

top 58.61%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

EZ Publish

Timeline

PublishedJul 6

Latest updateMay 1

Description

eZ publish before 3.8.1 does not properly enforce permissions for "content edit Language" when there are four or more languages, which allows remote authenticated users to perform translations into languages that are not listed in a Module Function Limitation policy.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 8.0 | Impact: 2.9

Affected Packages1 packages

▶NVDez/ez_publish3.8.0

Patches

Patch: ez.no ↗Patch: ez.no ↗

🔴Vulnerability Details

GHSA

GHSA-wccx-mrcg-w55h: eZ publish before 3↗2022-05-01

▶