Vulnerability Description
eZ publish before 3.8.1 does not properly enforce permissions for "content edit Language" when there are four or more languages, which allows remote authenticated users to perform translations into languages that are not listed in a Module Function Limitation policy.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ez | Ez Publish | <= 3.8.0 |
Related Weaknesses (CWE)
References
- http://ez.no/download/ez_publish/changelogs/ez_publish_3_8/changelog_3_8_0_to_3_Patch
- http://ez.no/download/ez_publish/changelogs/ez_publish_3_9/changelog_3_8_0_to_3_
- http://issues.ez.no/8539
- http://ez.no/download/ez_publish/changelogs/ez_publish_3_8/changelog_3_8_0_to_3_Patch
- http://ez.no/download/ez_publish/changelogs/ez_publish_3_9/changelog_3_8_0_to_3_
- http://issues.ez.no/8539
FAQ
What is CVE-2006-7218?
CVE-2006-7218 is a vulnerability with a CVSS score of 4.0 (MEDIUM). eZ publish before 3.8.1 does not properly enforce permissions for "content edit Language" when there are four or more languages, which allows remote authenticated users to perform translations into la...
How severe is CVE-2006-7218?
CVE-2006-7218 has been rated MEDIUM with a CVSS base score of 4.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-7218?
Check the references section above for vendor advisories and patch information. Affected products include: Ez Ez Publish.