Vulnerabilities > EZ > EZ Publish > High

DATE CVE VULNERABILITY TITLE RISK
2012-10-06 CVE-2012-1565 Security vulnerability in eZ Publish
Unspecified vulnerability in ez Publish 4.1.4, 4.2, 4.3, 4.4, 4.5, and 4.6 has unknown impact and attack vectors related to an insecure direct object reference.
network
low complexity
ez
7.5
7.5
2010-07-08 CVE-2010-2672 SQL Injection vulnerability in EZ Publish
Multiple SQL injection vulnerabilities in eZ Publish 3.7.0 through 4.2.0 allow remote attackers to execute arbitrary SQL commands via the (1) SectionID and (2) SearchTimestamp parameters to the search feature and the (3) SearchContentClassAttributeID parameter to the advancedsearch feature.
network
low complexity
ez CWE-89
7.5
7.5
2009-07-02 CVE-2008-6844 Permissions, Privileges, and Access Controls vulnerability in EZ Publish
The registration view (/user/register) in eZ Publish 3.5.6 and earlier, and possibly other versions before 3.9.5, 3.10.1, and 4.0.1, allows remote attackers to gain privileges as other users via modified ContentObjectAttribute_data_user_login_30, ContentObjectAttribute_data_user_password_30, and other parameters.
network
low complexity
ez CWE-264
7.5
7.5