ez.no / developer / security / security advisories / ez publish 4.0 / ezsa-2008-003: insufficient form handling made privilege escalation possible.

EZSA-2008-003: Insufficient form handling made privilege escalation possible.

Severity: High

Wednesday 13 August 2008

Versions affected *	Resolved in
>= 3.5.6	3.9.5, 3.10.1, 4.0.1

The registration view (/user/register) allowed an attacker, by manipulating form values, to potentially modify existing users. This could lead to an escalation of privileges.

* For more information about which affected versions are reported, see this page

Software
eZ Publish
eZ Components
eZ Flow
eZ Find
eZ Newsletter

Support & Services
eZ Publish Premium
Training
Certification
Expert Consulting Services

Solutions
Digital Media
Enterprise CMS
Intranet
E-Commerce
Community Portal
Mobile

eZ Systems - The Content Management Ecosystem

User menu

Path

EZSA-2008-003: Insufficient form handling made privilege escalation possible.