The default configuration of the forum package in eZ publish 3.5 before 3.5.5, 3.6 before 3.6.2, 3.7 before 3.7.0rc2, and 3.8 before 20050818 does not restrict edit permissions to a postings owner, which allows remote authenticated users to edit arbitrary postings.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Ez_publish | Ez | 3.5.2 | 3.5.2 |
Ez_publish | Ez | 3.5.0 | 3.5.0 |
Ez_publish | Ez | 3.5.3 | 3.5.3 |
Ez_publish | Ez | 3.5.4 | 3.5.4 |
Ez_publish | Ez | 3.5.1 | 3.5.1 |