CVE-2005-4851

eZ publish <3.7 - Privilege Escalation

Title source: llm
STIX 2.1

Description

eZ publish 3.4.4 through 3.7 before 20050722 applies certain permissions on the node level, which allows remote authenticated users to bypass the original permissions on embedded objects in XML fields and read these objects.

References (2)

Core 2
Core References
Broken Link x_refsource_confirm
http://issues.ez.no/6841

Scores

EPSS 0.0088
EPSS Percentile 54.6%

Details

CWE
CWE-287
Status published
Products (1)
ez/ez_publish 3.4.4 - 3.7
Published Dec 31, 2005
Tracked Since Feb 18, 2026