Main Vulnerability Database Vulnerabilities #VU43423

#VU43423 Input validation error in eZ publish - CVE-2012-1565

Published: October 7, 2012 / Updated: August 11, 2020

Vulnerability identifier: #VU43423

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2012-1565

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
eZ publish

Software vendor:
eZ systems

Description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Unspecified vulnerability in ez Publish 4.1.4, 4.2, 4.3, 4.4, 4.5, and 4.6 has unknown impact and attack vectors related to an insecure direct object reference.

Remediation

Install update from vendor's website.

External links

http://issues.ez.no/19238
http://osvdb.org/80098
http://secunia.com/advisories/48338
http://www.openwall.com/lists/oss-security/2012/03/19/13
http://www.openwall.com/lists/oss-security/2012/03/19/6
http://www.securityfocus.com/bid/52516
https://exchange.xforce.ibmcloud.com/vulnerabilities/74060

#VU43423 Input validation error in eZ publish - CVE-2012-1565

Description

Remediation

External links

Please verify you're human