CVE-2005-4851

N/A Unknown
Published: December 31, 2005 Modified: April 16, 2026
View on NVD

Description

eZ publish 3.4.4 through 3.7 before 20050722 applies certain permissions on the node level, which allows remote authenticated users to bypass the original permissions on embedded objects in XML fields and read these objects.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
http://ez.no/download/ez_publish/changelogs/ez_publish_3_8/changelog_3_6_x_3_7_x_to_3_8_0
Source: cve@mitre.org
Product
http://issues.ez.no/6841
Source: cve@mitre.org
Broken Link
http://ez.no/download/ez_publish/changelogs/ez_publish_3_8/changelog_3_6_x_3_7_x_to_3_8_0
Source: af854a3a-2127-422b-91ae-364da2661108
Product
http://issues.ez.no/6841
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link

4 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
0.1%
35th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-287

Affected Vendors

ez

Related CVEs

CVE-2026-41279 N/A
CVE-2026-41278 N/A
CVE-2026-41277 N/A
CVE-2026-41276 N/A
CVE-2026-41275 N/A