Vulnerability Description
The default configuration of the forum package in eZ publish 3.5 before 3.5.5, 3.6 before 3.6.2, 3.7 before 3.7.0rc2, and 3.8 before 20050818 does not restrict edit permissions to a posting's owner, which allows remote authenticated users to edit arbitrary postings.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ez | Ez Publish | 3.5.0 |
Related Weaknesses (CWE)
References
- http://ez.no/download/ez_publish/changelogs/ez_publish_3_8/changelog_3_6_x_3_7_x
- http://issues.ez.no/7052
- http://ez.no/download/ez_publish/changelogs/ez_publish_3_8/changelog_3_6_x_3_7_x
- http://issues.ez.no/7052
FAQ
What is CVE-2005-4853?
CVE-2005-4853 is a vulnerability with a CVSS score of 9.4 (HIGH). The default configuration of the forum package in eZ publish 3.5 before 3.5.5, 3.6 before 3.6.2, 3.7 before 3.7.0rc2, and 3.8 before 20050818 does not restrict edit permissions to a posting's owner, w...
How severe is CVE-2005-4853?
CVE-2005-4853 has been rated HIGH with a CVSS base score of 9.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-4853?
Check the references section above for vendor advisories and patch information. Affected products include: Ez Ez Publish.