Vulnerability Details CVE-2008-6844
The registration view (/user/register) in eZ Publish 3.5.6 and earlier, and possibly other versions before 3.9.5, 3.10.1, and 4.0.1, allows remote attackers to gain privileges as other users via modified ContentObjectAttribute_data_user_login_30, ContentObjectAttribute_data_user_password_30, and other parameters.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.024
EPSS Ranking 84.1%
CVSS Severity
CVSS v2 Score 7.5
References
- http://ez.no/developer/security/security_advisories/ez_publish_4_0/ezsa_2008_003_insufficient_form_handling_made_privilege_escalation_possible
- http://www.osvdb.org/52708
- http://www.securityfocus.com/bid/32762
- https://exchange.xforce.ibmcloud.com/vulnerabilities/47216
- https://www.exploit-db.com/exploits/7406
- http://ez.no/developer/security/security_advisories/ez_publish_4_0/ezsa_2008_003_insufficient_form_handling_made_privilege_escalation_possible
- http://www.osvdb.org/52708
- http://www.securityfocus.com/bid/32762
- https://exchange.xforce.ibmcloud.com/vulnerabilities/47216
- https://www.exploit-db.com/exploits/7406
Products affected by CVE-2008-6844
-
cpe:2.3:a:ez:ez_publish:2.9-3
-
cpe:2.3:a:ez:ez_publish:2.9-4
-
cpe:2.3:a:ez:ez_publish:2.9-5
-
cpe:2.3:a:ez:ez_publish:2.9-6
-
cpe:2.3:a:ez:ez_publish:2.9-7
-
cpe:2.3:a:ez:ez_publish:3.0-1
-
cpe:2.3:a:ez:ez_publish:3.0-2
-
cpe:2.3:a:ez:ez_publish:3.1-1
-
cpe:2.3:a:ez:ez_publish:3.1.0-1
-
cpe:2.3:a:ez:ez_publish:3.1.0-2
-
cpe:2.3:a:ez:ez_publish:3.10
-
cpe:2.3:a:ez:ez_publish:3.2-1
-
cpe:2.3:a:ez:ez_publish:3.2-2
-
cpe:2.3:a:ez:ez_publish:3.2-3
-
cpe:2.3:a:ez:ez_publish:3.2-4
-
cpe:2.3:a:ez:ez_publish:3.2-5
-
cpe:2.3:a:ez:ez_publish:3.2-6
-
cpe:2.3:a:ez:ez_publish:3.2.0-1
-
cpe:2.3:a:ez:ez_publish:3.2.0-2
-
cpe:2.3:a:ez:ez_publish:3.3-1
-
cpe:2.3:a:ez:ez_publish:3.3-2
-
cpe:2.3:a:ez:ez_publish:3.3-3
-
cpe:2.3:a:ez:ez_publish:3.3-4
-
cpe:2.3:a:ez:ez_publish:3.3-5
-
cpe:2.3:a:ez:ez_publish:3.3-6
-
cpe:2.3:a:ez:ez_publish:3.3-7
-
cpe:2.3:a:ez:ez_publish:3.3.0-1
-
cpe:2.3:a:ez:ez_publish:3.3.0-2
-
cpe:2.3:a:ez:ez_publish:3.4.0
-
cpe:2.3:a:ez:ez_publish:3.4.1
-
cpe:2.3:a:ez:ez_publish:3.4.2
-
cpe:2.3:a:ez:ez_publish:3.4.3
-
cpe:2.3:a:ez:ez_publish:3.4.4
-
cpe:2.3:a:ez:ez_publish:3.4.5
-
cpe:2.3:a:ez:ez_publish:3.4.6
-
cpe:2.3:a:ez:ez_publish:3.4.7
-
cpe:2.3:a:ez:ez_publish:3.4.8
-
cpe:2.3:a:ez:ez_publish:3.5.0
-
cpe:2.3:a:ez:ez_publish:3.5.1
-
cpe:2.3:a:ez:ez_publish:3.5.2
-
cpe:2.3:a:ez:ez_publish:3.5.3
-
cpe:2.3:a:ez:ez_publish:3.5.4
-
cpe:2.3:a:ez:ez_publish:3.5.5
-
cpe:2.3:a:ez:ez_publish:3.5.6
-
cpe:2.3:a:ez:ez_publish:3.5.7
-
cpe:2.3:a:ez:ez_publish:3.5.8
-
cpe:2.3:a:ez:ez_publish:3.6.0
-
cpe:2.3:a:ez:ez_publish:3.6.1
-
cpe:2.3:a:ez:ez_publish:3.6.2
-
cpe:2.3:a:ez:ez_publish:3.6.3
-
cpe:2.3:a:ez:ez_publish:3.6.4
-
cpe:2.3:a:ez:ez_publish:3.6.5
-
cpe:2.3:a:ez:ez_publish:3.7.0
-
cpe:2.3:a:ez:ez_publish:3.7.1
-
cpe:2.3:a:ez:ez_publish:3.7.2
-
cpe:2.3:a:ez:ez_publish:3.7.3
-
cpe:2.3:a:ez:ez_publish:3.8.8
-
cpe:2.3:a:ez:ez_publish:3.8.9
-
cpe:2.3:a:ez:ez_publish:3.9.0
-
cpe:2.3:a:ez:ez_publish:3.9.1
-
cpe:2.3:a:ez:ez_publish:3.9.2
-
cpe:2.3:a:ez:ez_publish:3.9.4
-
cpe:2.3:a:ez:ez_publish:4.0