CVE-2005-4856

The admin interface in eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051110 does not properly handle authorization errors, which allows remote attackers to obtain sensitive information and see the admin pagelayout and associated templates via a request with (1) "anything after the url" or (2) a "wrong url".

Published: Dec 31, 2005
Updated: Apr 13, 2023
CVE: CVE-2005-4856
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-19

Affected Software
References

Software	From	Fixed in
ez / ez_publish	3.6.3	3.6.3.x
ez / ez_publish	3.6.1	3.6.1.x
ez / ez_publish	3.5.2	3.5.2.x
ez / ez_publish	3.6.4	3.6.4.x
ez / ez_publish	3.7.1	3.7.1.x
ez / ez_publish	3.6.0	3.6.0.x
ez / ez_publish	3.5.0	3.5.0.x
ez / ez_publish	3.5.3	3.5.3.x
ez / ez_publish	3.5.5	3.5.5.x
ez / ez_publish	3.5.4	3.5.4.x
ez / ez_publish	-	3.8.0.x
ez / ez_publish	3.7.2	3.7.2.x
ez / ez_publish	3.5.1	3.5.1.x
ez / ez_publish	3.6.2	3.6.2.x
ez / ez_publish	3.7.0	3.7.0.x
ez / ez_publish	3.5.6	3.5.6.x

Vulnerability Database

291,049

CVE-2005-4856