2007-07-06 19:00:00
mitre
PUBLISHED
The default configuration of the forum package in eZ publish 3.5 before 3.5.5, 3.6 before 3.6.2, 3.7 before 3.7.0rc2, and 3.8 before 20050818 does not restrict edit permissions to a postings owner, which allows remote authenticated users to edit arbitrary postings.