2007-07-06 19:00:00
mitre
PUBLISHED
eZ publish 3.5 through 3.7 before 20050608 requires both edit and create permissions in order to submit data, which allows remote attackers to edit data submitted by arbitrary anonymous users.