The default configuration of the forum package in eZ publish 3.5 prior to 3.5.5, 3.6 prior to 3.6.2, 3.7 prior to 3.7.0rc2, and 3.8 prior to 20050818 does not restrict edit permissions to a posting's owner, which allows remote authenticated users to edit arbitrary postings.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ez ez publish 3.5.0 |
||
ez ez publish 3.5.1 |
||
ez ez publish 3.5.2 |
||
ez ez publish 3.5.3 |
||
ez ez publish 3.5.4 |