Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 3.5
CVE Id CVE-2005-4855
Last Modified 28 Jul 2015 11:02:57
Published 31 Dec 2005 12:00:00
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2005-4855

Summary

Unrestricted file upload vulnerability in eZ publish 3.5 before 3.5.5, 3.6 before 3.6.2, 3.7 before 3.7.0rc2, and 3.8 before 20050922 does not restrict Image datatype uploads to image content types, which allows remote authenticated users to upload certain types of files, as demonstrated by .js files, which may enable cross-site scripting (XSS) attacks or other attacks.

Vulnerable Systems

Application

  • eZ publish 3.5.4
  • eZ publish 3.6.1
  • eZ publish 3.7.0
  • eZ publish 3.8.0

References

CONFIRM - http://issues.ez.no/5984

CONFIRM - http://ez.no/download/ez_publish/changelogs/ez_publish_3_8/changelog_3_6_x_3_7_x_to_3_8_0


Last Updated: 27 May 2016 10:42:38