QwikSec

Security Database

CVE

CWE

Training

CVE-2006-7219

Published: Jul 6, 2007

Modified: Sep 16, 2024

PUBLISHED

Description

eZ publish before 3.8.5 does not properly enforce permissions for editing in a specific language, which allows remote authenticated users to create a draft in an unauthorized language by editing an archived version of an object, and then using Manage Versions to copy this version to a new draft.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://ez.no/download/ez_publish/changelogs/ez_publish_3_8/changelog_3_8_4_to_3_8_5

x_refsource_CONFIRM

http://issues.ez.no/8795

x_refsource_CONFIRM

http://ez.no/download/ez_publish/changelogs/ez_publish_3_9/changelog_3_8_0_to_3_9_0

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.