Unrated severityNVD Advisory· Published Jul 6, 2007· Updated Apr 23, 2026

CVE-2006-7219

Description

eZ publish before 3.8.5 does not properly enforce permissions for editing in a specific language, which allows remote authenticated users to create a draft in an unauthorized language by editing an archived version of an object, and then using Manage Versions to copy this version to a new draft.

Affected products

Ez/Ez Publish
cpe:2.3:a:ez:ez_publish:*:*:*:*:*:*:*:*
Range: <=3.8.4

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

ez.no/download/ez_publish/changelogs/ez_publish_3_8/changelog_3_8_4_to_3_8_5nvdPatch
ez.no/download/ez_publish/changelogs/ez_publish_3_9/changelog_3_8_0_to_3_9_0nvd
issues.ez.no/8795nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000