The siteaccess URIMatching implementation in eZ publish 3.5 up to and including 3.8 prior to 20050812 converts every non-alphanumeric character in a URI to '_' (underscore) before the URI is compared with the configured siteaccess rules. Because the comparison is made on the normalized string rather than the original, remote attackers can bypass access restrictions by substituting other characters for the underscore in a restricted siteaccess name: a request for /admin:de is normalized to admin_de and therefore matches a rule intended to allow only /admin_de to access /admin.
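The collision described above, shown as an added Python model that is not eZ publish's own (PHP) code: the allow-list `ALLOWED_SITEACCESS`, the first-path-segment parsing and the function names are assumptions made for illustration. The vulnerable variant normalizes first and checks second, so any character outside [A-Za-z0-9] becomes an alias for '_'; the hardened variant rejects the segment unless it already consists only of the characters a siteaccess name may contain, and only then compares it literally.

```python
import re

# Constructed rule for the example: only the "admin_de" siteaccess may reach
# the admin interface. In real deployments this comes from site.ini.
ALLOWED_SITEACCESS = {"admin_de"}


def first_segment(uri: str) -> str:
    """Return the first path segment of a URI (assumed siteaccess name)."""
    return uri.lstrip("/").split("/", 1)[0]


def vulnerable_siteaccess(uri: str) -> str:
    """Model of the flawed behaviour: every non-alphanumeric character is
    rewritten to '_' BEFORE the name is checked, so '/admin:de', '/admin-de'
    and '/admin.de' all collapse to 'admin_de'."""
    return re.sub(r"[^A-Za-z0-9]", "_", first_segment(uri))


def vulnerable_is_allowed(uri: str) -> bool:
    return vulnerable_siteaccess(uri) in ALLOWED_SITEACCESS


def hardened_siteaccess(uri: str):
    """Hardened model: validate the raw segment against the permitted
    character set instead of rewriting it. Anything else is rejected
    (returns None) rather than silently mapped onto a different name."""
    segment = first_segment(uri)
    if not re.fullmatch(r"[A-Za-z0-9_]+", segment):
        return None
    return segment


def hardened_is_allowed(uri: str) -> bool:
    segment = hardened_siteaccess(uri)
    return segment is not None and segment in ALLOWED_SITEACCESS


def colliding_aliases(uri: str, candidates) -> list:
    """List the candidate URIs that the vulnerable normalization maps onto
    the same siteaccess name as `uri`; useful when auditing which inputs
    a rewrite-based matcher treats as equivalent."""
    target = vulnerable_siteaccess(uri)
    return [c for c in candidates if vulnerable_siteaccess(c) == target]


if __name__ == "__main__":
    probes = ["/admin_de", "/admin:de", "/admin-de", "/admin.de", "/admin_en"]
    for p in probes:
        print(f"{p:12} vulnerable={vulnerable_is_allowed(p)!s:5} "
              f"hardened={hardened_is_allowed(p)}")
    print("aliases of /admin_de:", colliding_aliases("/admin_de", probes))
```

The check a practitioner would want is the one in `hardened_siteaccess`: reject unexpected characters at the boundary instead of normalizing them, because any rewrite applied before an authorization decision creates an equivalence class of inputs the rule author never saw.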
Vulnerable product: ez / ez publish