Unrated severityNVD Advisory· Published Dec 31, 2005· Updated Jun 16, 2026
CVE-2005-4853
CVE-2005-4853
Description
The default configuration of the forum package in eZ publish 3.5 before 3.5.5, 3.6 before 3.6.2, 3.7 before 3.7.0rc2, and 3.8 before 20050818 does not restrict edit permissions to a posting's owner, which allows remote authenticated users to edit arbitrary postings.
Affected products
6cpe:2.3:a:ez:ez_publish:3.5.0:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:ez:ez_publish:3.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:ez:ez_publish:3.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:ez:ez_publish:3.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:ez:ez_publish:3.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:ez:ez_publish:3.5.4:*:*:*:*:*:*:*
- (no CPE)range: <3.5.5, <3.6.2, <3.7.0rc2, <20050818
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.