Lucene search
K

9 matches found

Github Security Blog
Github Security Blog
added 2026/05/29 7:7 p.m.17 views

ezsystems/ezpublish-legacy has a SQL injection in dfscleanup

NB: All tags and branches in this repository are past their end of life, so the vulnerability will not be fixed. The advisory is posted on the request of the researcher, for the information of anyone who might still use this software. Impact There is a security vulnerability in eZ Publish Legacy,...

5.8AI score0.00017EPSS
Exploits0References2Affected Software1
Snyk
Snyk
added 2026/05/29 7:7 p.m.8 views

SQL Injection

Overview ezsystems/ezpublish-legacy is a professional PHP application framework with advanced CMS functionality. Affected versions of this package are vulnerable to SQL Injection in the getFileList function of the eZDFSFileHandlerMySQLiBackend class when executing the dfscleanup.php script. An...

8.4CVSS6AI score0.00017EPSS
Exploits0References2
OSV
OSV
added 2026/05/29 7:7 p.m.9 views

GHSA-XG9X-H37W-H3R3 ezsystems/ezpublish-legacy has a SQL injection in dfscleanup

NB: All tags and branches in this repository are past their end of life, so the vulnerability will not be fixed. The advisory is posted on the request of the researcher, for the information of anyone who might still use this software. Impact There is a security vulnerability in eZ Publish Legacy,...

7.1CVSS5.8AI score0.00017EPSS
Exploits0References2
Veracode
Veracode
added 2024/05/20 7:25 a.m.13 views

Object Injection

ezsystems/ezpublish-legacy is vulnerable to Object Injection. The vulnerability due to in the Legacy Shop module which allows an attacker with backend editor privileges to manipulate the discount rule settings...

7AI score
Exploits0
Veracode
Veracode
added 2024/05/20 7:20 a.m.8 views

Remote Code Execution (RCE)

ezsystems/ezpublish-legacy vulnerable to Remote Code Execution RCE. The vulnerability is caused by uploading a file, which could potentially allow execution of arbitrary PHP files under certain configurations...

8.1AI score
Exploits0
Veracode
Veracode
added 2024/05/20 5:54 a.m.12 views

Information Disclosure

ezsystems/ezpublish-legacy is vulnerable to Information Disclosure. The vulnerability is caused due to the module not properly checking access permissions when rendering the content tree menu. This allows the tree menu to display hidden items to unauthorized users if they access the backend URL...

6.9AI score
Exploits0
Veracode
Veracode
added 2024/05/17 7:48 a.m.9 views

Authentication Bypass

ezsystems/ezpublish-legacy is vulnerable to Authentication Bypass. The vulnerability is due the standard login handler failing to verify passwords correctly in rare cases when using the legacy LDAP login handler or the TextFile login handler in combination with the standard legacy login handler...

7.1AI score
Exploits0
Veracode
Veracode
added 2024/05/17 6:52 a.m.13 views

Cross-site Scripting (XSS)

ezsystems/ezpublish-legacy is vulnerable to Cross-site Scripting XSS. The vulnerability is due to unsanitized parameters input within the 'disabled module' error template, leading to Cross-site Scripting XSS...

6.6AI score
Exploits0
Positive Technologies
Positive Technologies
added 2024/05/15 12:0 a.m.4 views

PT-2024-40240 · Unknown · Ez Publish Legacy

Name of the Vulnerable Software and Affected Versions: ezpublish-legacy affected versions not specified Description: The issue is related to an information disclosure vulnerability in the legacy admin content tree menu. If a view has been disabled in site.ini SiteAccessRules Rules and an attacker...

6.7AI score
Exploits0References5
Rows per page
Query Builder