Vulnerability Database

ezsystems / ezpublish-kernel

• You can search for specific versions with https://synscan.net/product/ezpublish--kernel/1.2.3

Title	Severity	Exploit	Date	Affected Version
eZ Platform Object Injection in SiteAccessMatchListener	High		May 15, 2024	>= 7.5.0 < 7.5.8 >= 6.13.0 < 6.13.6.4 >= 5.4.0 < 5.4.15
eZ Publish Remote code execution in file uploads	High		May 15, 2024	>= 7.5.0 < 7.5.6.2 >= 6.13.0 < 6.13.6.2 >= 5.4.0 < 5.4.14.1
eZ Platform REST API returns list of all SiteAccesses	Medium		May 15, 2024	>= 7.3.0 < 7.3.2.1 >= 7.0.0 < 7.2.4.1 >= 6.8.0 < 6.13.5.1 >= 6.0.0 < 6.7.9.1 >= 5.4.0 < 5.4.13.1 >= 5.3.0 < 5.3.12.1
Download route allows filename change in eZpublish kernel	Low		Nov 3, 2023	>= 7.5.0 < 7.5.31
CVE-2022-48366	Low		Mar 12, 2023	>= 7.5.0 < 7.5.29
CVE-2021-46876	Medium		Mar 12, 2023	>= 6.13.0 < 6.13.8.1 >= 7.5.0 < 7.5.15.1
CVE-2021-46875	Medium		Mar 12, 2023	>= 6.13.0 < 6.13.8.2 >= 7.5.0 < 7.5.15.2
CVE-2022-48367	Critical		Mar 12, 2023	>= 7.5.0 < 7.5.28
CVE-2022-48365	High		Mar 12, 2023	>= 7.5.0 < 7.5.30
eZ Platform users with the Company admin role can assign any role to any user	Critical		Nov 10, 2022	>= 7.5.0 < 7.5.30