The tipafriend function in eZ publish before 3.8.9, and 3.9 before 3.9.3, does not limit access by anonymous users, which allows remote attackers to conduct spam attacks.
Max CVSS: 5.0; EPSS Score: 2.08%; Published: 2007-08-23; Updated: 2015-07-27
eZ publish before 3.8.9, and 3.9 before 3.9.3, does not properly check permissions on module views that lack a policy function, which has unknown impact and attack vectors, as demonstrated by a vulnerability in the discount functionality in the shop module.
Max CVSS: 10.0; EPSS Score: 0.49%; Published: 2007-08-23; Updated: 2015-07-27
eZ publish before 3.8.5 does not properly enforce permissions for editing in a specific language, which allows remote authenticated users to create a draft in an unauthorized language by editing an archived version of an object, and then using Manage Versions to copy this version to a new draft.
Max CVSS: 4.0; EPSS Score: 0.11%; Published: 2007-07-06; Updated: 2015-07-28
eZ publish before 3.8.1 does not properly enforce permissions for "content edit Language" when there are four or more languages, which allows remote authenticated users to perform translations into languages that are not listed in a Module Function Limitation policy.
Max CVSS: 4.0; EPSS Score: 0.11%; Published: 2007-07-06; Updated: 2015-07-28
4 vulnerabilities found