CVE-2006-7219 — Publish vulnerability

CWE-2642 documents2 sources

Severity

4.0MEDIUMNVD

EPSS

0.2%

top 58.61%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

EZ Publish

Timeline

PublishedJul 6

Latest updateMay 1

Description

eZ publish before 3.8.5 does not properly enforce permissions for editing in a specific language, which allows remote authenticated users to create a draft in an unauthorized language by editing an archived version of an object, and then using Manage Versions to copy this version to a new draft.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 8.0 | Impact: 2.9

Affected Packages1 packages

▶NVDez/ez_publish3.8.4

Patches

Patch: ez.no ↗Patch: ez.no ↗

🔴Vulnerability Details

GHSA

GHSA-p3pw-rc39-p424: eZ publish before 3↗2022-05-01

▶