Lucene search

[email protected]CVE-2010-2672

HistoryOct 03, 2022 - 4:21 p.m.

CVE-2010-2672

2022-10-0316:21:09

CWE-89

[email protected]

web.nvd.nist.gov

security

sql injection

ez publish

vulnerability

remote attack

nvd

cve-2010-2672

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.8 High

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

76.1%

JSON

Multiple SQL injection vulnerabilities in eZ Publish 3.7.0 through 4.2.0 allow remote attackers to execute arbitrary SQL commands via the (1) SectionID and (2) SearchTimestamp parameters to the search feature and the (3) SearchContentClassAttributeID parameter to the advancedsearch feature.

Affected configurations

NVD

Node

ezez_publishMatch3.7.0

ezez_publishMatch3.7.1

ezez_publishMatch3.7.2

ezez_publishMatch3.7.3

ezez_publishMatch3.7.4

ezez_publishMatch3.7.5

ezez_publishMatch3.7.6

ezez_publishMatch3.7.7

ezez_publishMatch3.7.8

ezez_publishMatch3.7.9

ezez_publishMatch3.7.10

ezez_publishMatch3.7.11

ezez_publishMatch3.7.12

ezez_publishMatch4.2.0

CPENameOperatorVersion
ez:ez_publishez ez publisheq3.7.0
ez:ez_publishez ez publisheq3.7.1
ez:ez_publishez ez publisheq3.7.2
ez:ez_publishez ez publisheq3.7.3
ez:ez_publishez ez publisheq3.7.4
ez:ez_publishez ez publisheq3.7.5
ez:ez_publishez ez publisheq3.7.6
ez:ez_publishez ez publisheq3.7.7
ez:ez_publishez ez publisheq3.7.8
ez:ez_publishez ez publisheq3.7.9

CPE	Name	Operator	Version
ez:ez_publish	ez ez publish	eq	3.7.0
ez:ez_publish	ez ez publish	eq	3.7.1
ez:ez_publish	ez ez publish	eq	3.7.2
ez:ez_publish	ez ez publish	eq	3.7.3
ez:ez_publish	ez ez publish	eq	3.7.4
ez:ez_publish	ez ez publish	eq	3.7.5
ez:ez_publish	ez ez publish	eq	3.7.6
ez:ez_publish	ez ez publish	eq	3.7.7
ez:ez_publish	ez ez publish	eq	3.7.8
ez:ez_publish	ez ez publish	eq	3.7.9

Rows per page:

1-10 of 141

References

ez.no/de/content/download/321165/3192248/version/1/file/16397.diff

ez.no/de/content/download/321166/3192253/version/1/file/16398.diff

ez.no/de/developer/security/security_advisories/ez_publish_4_2/ezsa_2010_001_remote_vulnerability_in_ez_search

osvdb.org/63237

osvdb.org/63238

secunia.com/advisories/39101

www.securityfocus.com/bid/38985

www.siberas.de/advisories/advisories_2010.html

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.8 High

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

76.1%

JSON

Related for CVE-2010-2672

cvelist1 prion1 nvd1