CVE-2005-4853 Information

Description

The default configuration of the forum package in eZ publish 3.5 before 3.5.5 3.6 before 3.6.2 3.7 before 3.7.0rc2 and 3.8 before 20050818 does not restrict edit permissions to a posting’s owner which allows remote authenticated users to edit arbitrary postings.

Reference

http://ez.no/download/ez_publish/changelogs/ez_publish_3_8/changelog_3_6_x_3_7_x_to_3_8_0 http://issues.ez.no/7052