CVE-2008-6844

The registration view (/user/register) in eZ Publish 3.5.6 and earlier, and possibly other versions before 3.9.5, 3.10.1, and 4.0.1, allows remote attackers to gain privileges as other users via modified ContentObjectAttribute_data_user_login_30, ContentObjectAttribute_data_user_password_30, and other parameters.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 84%
VendorProductVersion
ezez_publish
𝑥
≤ 3.5.6
ezez_publish
3.4.8
ezez_publish
3.5.4
ezez_publish
3.5.5
ezez_publish
3.5.7
ezez_publish
3.5.8
ezez_publish
3.6.0
ezez_publish
3.6.1
ezez_publish
3.6.2
ezez_publish
3.6.3
ezez_publish
3.6.4
ezez_publish
3.6.5
ezez_publish
3.7.0
ezez_publish
3.7.1
ezez_publish
3.7.2
ezez_publish
3.7.3
ezez_publish
3.8.8
ezez_publish
3.8.9
ezez_publish
3.9.0
ezez_publish
3.9.1
ezez_publish
3.9.2
ezez_publish
3.9.4
ezez_publish
3.10
ezez_publish
4.0
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
ezpublish
karmic
dne
jaunty
dne
intrepid
dne
hardy
dne
dapper
ignored
Common Weakness Enumeration
References
http://ez.no/developer/security/security_advisories/ez_publish_4_0/ezsa_2008_003_insufficient_form_handling_made_privilege_escalation_possible
http://www.osvdb.org/52708
http://www.securityfocus.com/bid/32762
https://exchange.xforce.ibmcloud.com/vulnerabilities/47216
https://www.exploit-db.com/exploits/7406
http://ez.no/developer/security/security_advisories/ez_publish_4_0/ezsa_2008_003_insufficient_form_handling_made_privilege_escalation_possible
http://www.osvdb.org/52708
http://www.securityfocus.com/bid/32762
https://exchange.xforce.ibmcloud.com/vulnerabilities/47216
https://www.exploit-db.com/exploits/7406