Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 7.5
CVE Id: CVE-2008-6844
Last Modified: 27 Jul 2015 02:36:50
Published: 02 Jul 2009 06:30:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2008-6844

Summary

The registration view (/user/register) in eZ Publish 3.5.6 and earlier, and possibly other versions before 3.9.5, 3.10.1, and 4.0.1, allows remote attackers to gain privileges as other users via modified ContentObjectAttribute_data_user_login_30, ContentObjectAttribute_data_user_password_30, and other parameters.

Vulnerable Systems

Application

  • Ez Publish 3.10

  • Ez Publish 3.4.8

  • Ez Publish 3.5.4

  • Ez Publish 3.5.5

  • Ez Publish 3.5.6

  • Ez Publish 3.5.7

  • Ez Publish 3.5.8

  • Ez Publish 3.6.0

  • Ez Publish 3.6.1

  • Ez Publish 3.6.2

  • Ez Publish 3.6.3

  • Ez Publish 3.6.4

  • Ez Publish 3.6.5

  • Ez Publish 3.7.0

  • Ez Publish 3.7.1

  • Ez Publish 3.7.2

  • Ez Publish 3.7.3

  • Ez Publish 3.8.8

  • Ez Publish 3.8.9

  • Ez Publish 3.9.0

  • Ez Publish 3.9.1

  • Ez Publish 3.9.2

  • Ez Publish 3.9.4

  • Ez Publish 4.0

  • Ez Systems Ez Publish 3.10

  • Ez Systems Ez Publish 3.4.8

  • Ez Systems Ez Publish 3.5.4

  • Ez Systems Ez Publish 3.5.5

  • Ez Systems Ez Publish 3.5.6

  • Ez Systems Ez Publish 3.5.7

  • Ez Systems Ez Publish 3.5.8

  • Ez Systems Ez Publish 3.6.0

  • Ez Systems Ez Publish 3.6.1

  • Ez Systems Ez Publish 3.6.2

  • Ez Systems Ez Publish 3.6.3

  • Ez Systems Ez Publish 3.6.4

  • Ez Systems Ez Publish 3.6.5

  • Ez Systems Ez Publish 3.7.0

  • Ez Systems Ez Publish 3.7.1

  • Ez Systems Ez Publish 3.7.2

  • Ez Systems Ez Publish 3.7.3

  • Ez Systems Ez Publish 3.8.8

  • Ez Systems Ez Publish 3.8.9

  • Ez Systems Ez Publish 3.9.0

  • Ez Systems Ez Publish 3.9.1

  • Ez Systems Ez Publish 3.9.2

  • Ez Systems Ez Publish 3.9.4

  • Ez Systems Ez Publish 4.0


References

XF - ezpublish-registration-privilege-escalation(47216)

BID - 32762

OSVDB - 52708

MILW0RM - 7406

CONFIRM - http://ez.no/developer/security/security_advisories/ez_publish_4_0/ezsa_2008_003_insufficient_form_handling_made_privilege_escalation_possible


Last Updated: 27 May 2016 11:09:26