Multiple SQL injection vulnerabilities in eZ Publish 3.7.0 through 4.2.0 allow remote attackers to execute arbitrary SQL commands via the (1) SectionID and (2) SearchTimestamp parameters to the search feature and the (3) SearchContentClassAttributeID parameter to the advancedsearch feature.
CPE

Name | Operator | Version
---|---|---
ez_publish | eq | 3.7.11
ez_publish | eq | 3.7.4
ez_publish | eq | 3.7.12
ez_publish | eq | 3.7.7
ez_publish | eq | 3.7.9
ez_publish | eq | 3.7.1
ez_publish | eq | 4.2.0
ez_publish | eq | 3.7.10
ez_publish | eq | 3.7.8
ez_publish | eq | 3.7.3
ez.no/de/content/download/321165/3192248/version/1/file/16397.diff
ez.no/de/content/download/321166/3192253/version/1/file/16398.diff
ez.no/de/developer/security/security_advisories/ez_publish_4_2/ezsa_2010_001_remote_vulnerability_in_ez_search
osvdb.org/63237
osvdb.org/63238
secunia.com/advisories/39101
www.securityfocus.com/bid/38985
www.siberas.de/advisories/advisories_2010.html