Vulnerability Database

291,049

Total vulnerabilities in the database

CVE-2005-4853

The default configuration of the forum package in eZ publish 3.5 before 3.5.5, 3.6 before 3.6.2, 3.7 before 3.7.0rc2, and 3.8 before 20050818 does not restrict edit permissions to a posting's owner, which allows remote authenticated users to edit arbitrary postings.

  • Published: Dec 31, 2005
  • Updated: Apr 13, 2023
  • CVE: CVE-2005-4853
  • Severity: High
  • Exploit:

CVSS v2:

  • Severity: High
  • Score: 9.4
  • AV:N/AC:L/Au:N/C:N/I:C/A:C

CWEs:

Software From Fixed in
ez / ez_publish 3.5.2 3.5.2.x
ez / ez_publish 3.5.0 3.5.0.x
ez / ez_publish 3.5.3 3.5.3.x
ez / ez_publish 3.5.4 3.5.4.x
ez / ez_publish 3.5.1 3.5.1.x