QwikSec

Security Database

CVE

CWE

Training

CVE-2008-6844

Published: Jul 2, 2009

Modified: Aug 7, 2024

PUBLISHED

Description

The registration view (/user/register) in eZ Publish 3.5.6 and earlier, and possibly other versions before 3.9.5, 3.10.1, and 4.0.1, allows remote attackers to gain privileges as other users via modified ContentObjectAttribute_data_user_login_30, ContentObjectAttribute_data_user_password_30, and other parameters.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

ezpublish-registration-privilege-escalation(47216)

vdb-entry

x_refsource_XF

vdb-entry

x_refsource_OSVDB

vdb-entry

x_refsource_BID

http://ez.no/developer/security/security_advisories/ez_publish_4_0/ezsa_2008_003_insufficient_form_handling_made_privilege_escalation_possible

x_refsource_CONFIRM

exploit

x_refsource_EXPLOIT-DB

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.