Main Vulnerability Database Vulnerabilities #VU43423

Input validation error in eZ publish - CVE-2012-1565

Published: October 7, 2012 / Updated: August 11, 2020

Vulnerability identifier: #VU43423

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2012-1565

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: eZ systems

Affected software:
eZ publish

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Unspecified vulnerability in ez Publish 4.1.4, 4.2, 4.3, 4.4, 4.5, and 4.6 has unknown impact and attack vectors related to an insecure direct object reference.

How to mitigate CVE-2012-1565

Install update from vendor's website.

Sources

http://issues.ez.no/19238
http://osvdb.org/80098
http://secunia.com/advisories/48338
http://www.openwall.com/lists/oss-security/2012/03/19/13
http://www.openwall.com/lists/oss-security/2012/03/19/6
http://www.securityfocus.com/bid/52516
https://exchange.xforce.ibmcloud.com/vulnerabilities/74060

Input validation error in eZ publish - CVE-2012-1565

Detailed vulnerability description

How to mitigate CVE-2012-1565

Sources

Please verify you're human