Ez Publish@3.7.3 Security Vulnerabilities and Issues — Ez Publish@3.7.3 CVE List

Lucene search

EzEz Publish3.7.3

4 matches found

CVE•added 2009/07/02 10:30 a.m.•47 views

CVE-2008-6844

The registration view (/user/register) in eZ Publish 3.5.6 and earlier, and possibly other versions before 3.9.5, 3.10.1, and 4.0.1, allows remote attackers to gain privileges as other users via modified ContentObjectAttribute_data_user_login_30, ContentObjectAttribute_data_user_password_30, and ot...

7.5CVSS7.2AI score0.02382EPSS

CVE•added 2010/07/08 10:30 p.m.•43 views

CVE-2010-2672

Multiple SQL injection vulnerabilities in eZ Publish 3.7.0 through 4.2.0 allow remote attackers to execute arbitrary SQL commands via the (1) SectionID and (2) SearchTimestamp parameters to the search feature and the (3) SearchContentClassAttributeID parameter to the advancedsearch feature.

7.5CVSS8.8AI score0.00836EPSS

CVE•added 2010/07/08 10:30 p.m.•30 views

CVE-2010-2671

Cross-site scripting (XSS) vulnerability in advancedsearch.php in eZ Publish 3.7.0 through 4.2.0 allows remote attackers to inject arbitrary web script or HTML via the subTreeItem parameter.

4.3CVSS5.9AI score0.00516EPSS

CVE•added 2007/07/06 7:0 p.m.•27 views

CVE-2005-4854

eZ publish 3.5 through 3.7 before 20050830 does not use a folder's read permissions to restrict notifications, which allows remote authenticated users to obtain sensitive information about changes to content in arbitrary folders.

5CVSS5.8AI score0.0019EPSS