CVE-2010-2672

2010-07-08T22:30:00
ID CVE-2010-2672
Type cve
Reporter cve@mitre.org
Modified 2010-07-09T04:00:00

Description

Multiple SQL injection vulnerabilities in eZ Publish 3.7.0 through 4.2.0 allow remote attackers to execute arbitrary SQL commands via the (1) SectionID and (2) SearchTimestamp parameters to the search feature and the (3) SearchContentClassAttributeID parameter to the advancedsearch feature.