CVE-2006-7218
N/A
N/A
Summary
eZ publish before 3.8.1 does not properly enforce permissions for "content edit Language" when there are four or more languages, which allows remote authenticated users to perform translations into languages that are not listed in a Module Function Limitation policy.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://ez.no/download/ez_publish/changelogs/ez_publish_3_8/changelog_3_8_0_to_3_8_1
- http://ez.no/download/ez_publish/changelogs/ez_publish_3_9/changelog_3_8_0_to_3_9_0
- http://issues.ez.no/8539
References
- http://ez.no/download/ez_publish/changelogs/ez_publish_3_8/changelog_3_8_0_to_3_8_1
- http://ez.no/download/ez_publish/changelogs/ez_publish_3_9/changelog_3_8_0_to_3_9_0
- http://issues.ez.no/8539
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.