Vulnerability Details : CVE-2005-4850
eZ publish 3.5 through 3.7 before 20050608 requires both edit and create permissions in order to submit data, which allows remote attackers to edit data submitted by arbitrary anonymous users.
Exploit prediction scoring system (EPSS) score for CVE-2005-4850
Probability of exploitation activity in the next 30 days: 0.14%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 48 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2005-4850
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N |
10.0
|
2.9
|
NIST |
CWE ids for CVE-2005-4850
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2005-4850
-
http://issues.ez.no/6680
Broken Link
-
http://ez.no/download/ez_publish/changelogs/ez_publish_3_8/changelog_3_6_x_3_7_x_to_3_8_0
Patch;Vendor Advisory
Products affected by CVE-2005-4850
- cpe:2.3:a:ez:ez_publish:*:*:*:*:*:*:*:*