56 matches found
SQL Injection
Overview: ezsystems/ezpublish-legacy is a professional PHP application framework with advanced CMS functionality. Affected versions of this package are vulnerable to SQL Injection in the getFileList function of the eZDFSFileHandlerMySQLiBackend class when executing the dfscleanup.php script. An...
GHSA-XG9X-H37W-H3R3 ezsystems/ezpublish-legacy has a SQL injection in dfscleanup
NB: All tags and branches in this repository are past their end of life, so the vulnerability will not be fixed. The advisory is posted on the request of the researcher, for the information of anyone who might still use this software. Impact: There is a security vulnerability in eZ Publish Legacy,...
EUVD-2020-15819
Malware in sbrugna...
EUVD-2015-1084
Malware in sbrugna...
CVE-2022-25337
Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3.x before 1.3.12 allows injection attacks via image filenames...
CVE-2020-23065
Cross Site Scripting vulnerability in eZ Systems AS eZPublish Platform v.5.4 and eZ Publish Legacy v.5.4 allows a remote authenticated attacker to execute arbitrary code via the video-js.swf...
Sensitive Information Disclosure
ezsystems/ezpublish-kernel is vulnerable to Sensitive Information Disclosure. The vulnerability is due to the REST API potentially disclosing the names of all available site accesses...
Remote Code Execution (RCE)
ezsystems/ezpublish-kernel is vulnerable to Remote Code Execution RCE. The vulnerability is due to improper handling of file uploads, which can lead to remote code execution...
Object Injection
ezsystems/ezpublish-legacy is vulnerable to Object Injection. The vulnerability is in the Legacy Shop module, which allows an attacker with backend editor privileges to manipulate the discount rule settings...
Remote Code Execution (RCE)
ezsystems/ezpublish-legacy is vulnerable to Remote Code Execution (RCE). The vulnerability is caused by uploading a file, which could potentially allow execution of arbitrary PHP files under certain configurations...
Information Disclosure
ezsystems/ezpublish-legacy is vulnerable to Information Disclosure. The vulnerability is caused due to the module not properly checking access permissions when rendering the content tree menu. This allows the tree menu to display hidden items to unauthorized users if they access the backend URL...
Authentication Bypass
ezsystems/ezpublish-legacy is vulnerable to Authentication Bypass. The vulnerability is due to the standard login handler failing to verify passwords correctly in rare cases when using the legacy LDAP login handler or the TextFile login handler in combination with the standard legacy login handler...
Remote Code Execution
ezsystems is vulnerable to Remote Code Execution. The vulnerability is due to object injection in the SiteAccessMatchListener, which could lead to remote code execution (RCE)...
Cross-site Scripting (XSS)
ezsystems/ezpublish-legacy is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to unsanitized parameter input within the 'disabled module' error template, leading to Cross-site Scripting (XSS)...
eZ Platform Object Injection in SiteAccessMatchListener
This Security Advisory is about an object injection vulnerability in the SiteAccessMatchListener of eZ Platform, which could lead to remote code execution RCE, a very serious threat. All sites may be affected. Update: There are bugs introduced by this fix, particularly but not limited to compound...
GHSA-64VJ-933F-6PM3 eZ Platform Object Injection in SiteAccessMatchListener
This Security Advisory is about an object injection vulnerability in the SiteAccessMatchListener of eZ Platform, which could lead to remote code execution RCE, a very serious threat. All sites may be affected. Update: There are bugs introduced by this fix, particularly but not limited to compound...
GHSA-2W9P-XXQR-H253 eZ Platform Object Injection in SiteAccessMatchListener
This Security Advisory is about an object injection vulnerability in the SiteAccessMatchListener of eZ Platform, which could lead to remote code execution RCE, a very serious threat. All sites may be affected. Update: There are bugs introduced by this fix, particularly but not limited to compound...
PT-2024-40240 · Unknown · Ez Publish Legacy
Name of the Vulnerable Software and Affected Versions: ezpublish-legacy, affected versions not specified. Description: The issue is related to an information disclosure vulnerability in the legacy admin content tree menu. If a view has been disabled in site.ini SiteAccessRules Rules and an attacker...