CVE-2008-6844

EZ Publish < 3.5.6 - Access Control

Title source: rule

Description

The registration view (/user/register) in eZ Publish 3.5.6 and earlier, and possibly other versions before 3.9.5, 3.10.1, and 4.0.1, allows remote attackers to gain privileges as other users via modified ContentObjectAttribute_data_user_login_30, ContentObjectAttribute_data_user_password_30, and other parameters.

Exploits (1)

exploitdb WORKING POC VERIFIED
by s4avrd0w · phpwebappsphp
https://www.exploit-db.com/exploits/7406

References (5)

Scores

EPSS 0.0381
EPSS Percentile 88.1%

Details

CWE
CWE-264
Status published
Products (24)
ez/ez_publish 3.4.8
ez/ez_publish 3.5.4
ez/ez_publish 3.5.5
ez/ez_publish 3.5.7
ez/ez_publish 3.5.8
ez/ez_publish 3.6.0
ez/ez_publish 3.6.1
ez/ez_publish 3.6.2
ez/ez_publish 3.6.3
ez/ez_publish 3.6.4
... and 14 more
Published Jul 02, 2009
Tracked Since Feb 18, 2026