CVE-2005-4851

eZ publish <3.7 - Privilege Escalation

Title source: llm

Description

eZ publish 3.4.4 through 3.7 before 20050722 applies certain permissions on the node level, which allows remote authenticated users to bypass the original permissions on embedded objects in XML fields and read these objects.

References (2)

[Product] http://ez.no/download/ez_publish/changelogs/ez_publish_3_8/changelog_3_6_x_3_7_x_to_3_8_0

[Broken Link] http://issues.ez.no/6841

Scores

EPSS 0.0014

EPSS Percentile 34.6%

Classification

CWE

CWE-287

Status draft

Affected Products (1)

ez/ez_publish < 3.7

Timeline

Published Dec 31, 2005

Tracked Since Feb 18, 2026