Vulnerabilities > EZ > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-22 | CVE-2020-10806 | Unrestricted Upload of File with Dangerous Type vulnerability in EZ Publish-Kernel and EZ Publish-Legacy eZ Publish Kernel before 5.4.14.1, 6.x before 6.13.6.2, and 7.x before 7.5.6.2 and eZ Publish Legacy before 5.4.14.1, 2017 before 2017.12.7.2, and 2019 before 2019.03.4.2 allow remote attackers to execute arbitrary code by uploading PHP code, unless the vhost configuration permits only app.php execution. | 7.5 |
| 2012-10-06 | CVE-2012-1565 | Security vulnerability in eZ Publish Unspecified vulnerability in ez Publish 4.1.4, 4.2, 4.3, 4.4, 4.5, and 4.6 has unknown impact and attack vectors related to an insecure direct object reference. | 7.5 |
| 2010-07-08 | CVE-2010-2672 | SQL Injection vulnerability in EZ Publish Multiple SQL injection vulnerabilities in eZ Publish 3.7.0 through 4.2.0 allow remote attackers to execute arbitrary SQL commands via the (1) SectionID and (2) SearchTimestamp parameters to the search feature and the (3) SearchContentClassAttributeID parameter to the advancedsearch feature. | 7.5 |
| 2009-07-02 | CVE-2008-6844 | Permissions, Privileges, and Access Controls vulnerability in EZ Publish The registration view (/user/register) in eZ Publish 3.5.6 and earlier, and possibly other versions before 3.9.5, 3.10.1, and 4.0.1, allows remote attackers to gain privileges as other users via modified ContentObjectAttribute_data_user_login_30, ContentObjectAttribute_data_user_password_30, and other parameters. | 7.5 |