CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2005-4852

The siteaccess URIMatching implementation in eZ publish 3.5 through 3.8 before 20050812 converts all non-alphanumeric characters in a URI to '_' (underscore), which allows remote attackers to bypass access restrictions by inserting certain characters in a URI, as demonstrated by a request for /admin:de, which matches a rule allowing only /admin_de to access /admin.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 34.9%

CVSS Severity

CVSS v2 Score 5.0

References

Products affected by CVE-2005-4852

Ez » Ez Publish » Version: 3.5.0

cpe:2.3:a:ez:ez_publish:3.5.0
Ez » Ez Publish » Version: 3.5.1

cpe:2.3:a:ez:ez_publish:3.5.1
Ez » Ez Publish » Version: 3.5.2

cpe:2.3:a:ez:ez_publish:3.5.2
Ez » Ez Publish » Version: 3.5.3

cpe:2.3:a:ez:ez_publish:3.5.3
Ez » Ez Publish » Version: 3.5.4

cpe:2.3:a:ez:ez_publish:3.5.4
Ez » Ez Publish » Version: 3.5.5

cpe:2.3:a:ez:ez_publish:3.5.5
Ez » Ez Publish » Version: 3.5.6

cpe:2.3:a:ez:ez_publish:3.5.6
Ez » Ez Publish » Version: 3.5.7

cpe:2.3:a:ez:ez_publish:3.5.7

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2005-4852

Products

Pricing

Contact Us