Multiple SQL injection vulnerabilities in eZ Publish 3.7.0 up to and including 4.2.0 allow remote malicious users to execute arbitrary SQL commands via the (1) SectionID and (2) SearchTimestamp parameters to the search feature and the (3) SearchContentClassAttributeID parameter to the advancedsearch feature.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ez ez publish 3.7.0 |
||
ez ez publish 3.7.3 |
||
ez ez publish 3.7.4 |
||
ez ez publish 3.7.6 |
||
ez ez publish 4.2.0 |
||
ez ez publish 3.7.2 |
||
ez ez publish 3.7.8 |
||
ez ez publish 3.7.9 |
||
ez ez publish 3.7.10 |
||
ez ez publish 3.7.11 |
||
ez ez publish 3.7.5 |
||
ez ez publish 3.7.7 |
||
ez ez publish 3.7.12 |
||
ez ez publish 3.7.1 |