32 matches found
CVE-2022-25337
Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3.x before 1.3.12 allows injection attacks via image filenames...
Sensitive Information Disclosure
ezsystems/ezpublish-kernel is vulnerable to Sensitive Information Disclosure. The vulnerability is due to the REST API potentially disclosing the names of all available site accesses...
Remote Code Execution (RCE)
ezsystems/ezpublish-kernel is vulnerable to Remote Code Execution RCE. The vulnerability is due to improper handling of file uploads, which can lead to remote code execution...
Remote Code Execution
ezsystems is vulnerable to Remote Code Execution. The vulnerability is due to object injection in the SiteAccessMatchListener, which could lead to remote code execution RCE...
eZ Platform Object Injection in SiteAccessMatchListener
This Security Advisory is about an object injection vulnerability in the SiteAccessMatchListener of eZ Platform, which could lead to remote code execution RCE, a very serious threat. All sites may be affected. Update: There are bugs introduced by this fix, particularly but not limited to compound...
GHSA-64VJ-933F-6PM3 eZ Platform Object Injection in SiteAccessMatchListener
This Security Advisory is about an object injection vulnerability in the SiteAccessMatchListener of eZ Platform, which could lead to remote code execution RCE, a very serious threat. All sites may be affected. Update: There are bugs introduced by this fix, particularly but not limited to compound...
GHSA-2W9P-XXQR-H253 eZ Platform Object Injection in SiteAccessMatchListener
This Security Advisory is about an object injection vulnerability in the SiteAccessMatchListener of eZ Platform, which could lead to remote code execution RCE, a very serious threat. All sites may be affected. Update: There are bugs introduced by this fix, particularly but not limited to compound...
eZ Platform Object Injection in SiteAccessMatchListener
This Security Advisory is about an object injection vulnerability in the SiteAccessMatchListener of eZ Platform, which could lead to remote code execution RCE, a very serious threat. All sites may be affected. Update: There are bugs introduced by this fix, particularly but not limited to compound...
Download route allows filename change in eZpublish kernel
Impact The route used for file downloads allows specifying the name of the downloaded file. This is an unintended side effect of the implementation, and means one could construct download URLs with filenames that have no relation to the actual file, which could lead to misunderstandings and...
GHSA-946C-F9W6-2C25 Download route allows filename change in eZpublish kernel
Impact The route used for file downloads allows specifying the name of the downloaded file. This is an unintended side effect of the implementation, and means one could construct download URLs with filenames that have no relation to the actual file, which could lead to misunderstandings and...
PT-2023-33002 · Ez Systems +1 · Ezpublish-Kernel +2
Name of the Vulnerable Software and Affected Versions: Ibexa DXP and eZ Platform affected versions not specified ezsystems/ezpublish-kernel affected versions not specified Description: The issue allows specifying the name of the downloaded file in the route used for file downloads, which could le...
Access control issue in ezsystems/ezpublish-kernel
Access control based on object state is mishandled. This is a policy you can use in your roles to limit access to content based on specific object state values. Due to a flawed earlier update, these limitations were ineffective in releases made since February 16th 2022. They would grant access to...
GHSA-H5V2-WRHP-5V35 Access control issue in ezsystems/ezpublish-kernel
Access control based on object state is mishandled. This is a policy you can use in your roles to limit access to content based on specific object state values. Due to a flawed earlier update, these limitations were ineffective in releases made since February 16th 2022. They would grant access to...
Privilege Escalation
ezsystems/ezpublish-kernel is vulnerable to privilege escalation. The vulnerability exists because the company role assigning feature is not properly handled which allows an attacker to limit the access of assigning roles to any user...
Timing Attacks
ezsystems/ezpublish-kernel is vulnerable to timing attacks. The vulnerability exists because the library does not compare hashes in constant time, allowing an attacker to progressively use the timing of the request to identify a valid hash...
Previliage Escalation
ezsystems/ezpublish-kernel is vulnerable to privilege escalation. The vulnerability exists in evaluate function in ObjectStateLimitationType.php due to the weak permission which allows unauthorized user to elevate privileges...
CVE-2022-25337
Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3.x before 1.3.12 allows injection attacks via image filenames...
CVE-2022-25336
Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3.x before 1.3.12 allows Insecure Direct Object Reference IDOR attacks against image files because the image path and filename can be correctly deduced...
CVE-2022-25336
Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3.x before 1.3.12 allows Insecure Direct Object Reference IDOR attacks against image files because the image path and filename can be correctly deduced...
CVE-2022-25337
Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3.x before 1.3.12 allows injection attacks via image filenames...