eZ Publish Kernel prior to 5.4.14.1, 6.x prior to 6.13.6.2, and 7.x prior to 7.5.6.2 and eZ Publish Legacy prior to 5.4.14.1, 2017 prior to 2017.12.7.2, and 2019 prior to 2019.03.4.2 allow remote malicious users to execute arbitrary code by uploading PHP code, unless the vhost configuration permits only app.php execution.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ez ez publish-kernel |
||
ez ez publish-legacy |