Sql injection

2010-07-0822:30:00

PRIOn knowledge base

www.prio-n.com

9.3 High

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

76.1%

JSON

Multiple SQL injection vulnerabilities in eZ Publish 3.7.0 through 4.2.0 allow remote attackers to execute arbitrary SQL commands via the (1) SectionID and (2) SearchTimestamp parameters to the search feature and the (3) SearchContentClassAttributeID parameter to the advancedsearch feature.

CPENameOperatorVersion
ez_publisheq3.7.11
ez_publisheq3.7.4
ez_publisheq3.7.12
ez_publisheq3.7.7
ez_publisheq3.7.9
ez_publisheq3.7.1
ez_publisheq4.2.0
ez_publisheq3.7.10
ez_publisheq3.7.8
ez_publisheq3.7.3

Name	Operator	Version
ez_publish	eq	3.7.11
ez_publish	eq	3.7.4
ez_publish	eq	3.7.12
ez_publish	eq	3.7.7
ez_publish	eq	3.7.9
ez_publish	eq	3.7.1
ez_publish	eq	4.2.0
ez_publish	eq	3.7.10
ez_publish	eq	3.7.8
ez_publish	eq	3.7.3

Rows per page:

1-10 of 141

References

ez.no/de/content/download/321165/3192248/version/1/file/16397.diff

ez.no/de/content/download/321166/3192253/version/1/file/16398.diff

ez.no/de/developer/security/security_advisories/ez_publish_4_2/ezsa_2010_001_remote_vulnerability_in_ez_search

osvdb.org/63237

osvdb.org/63238

secunia.com/advisories/39101

www.securityfocus.com/bid/38985

www.siberas.de/advisories/advisories_2010.html