CVE-2010-2672

CVSS V2 High 7.5 CVSS V3 None
Description
Multiple SQL injection vulnerabilities in eZ Publish 3.7.0 through 4.2.0 allow remote attackers to execute arbitrary SQL commands via the (1) SectionID and (2) SearchTimestamp parameters to the search feature and the (3) SearchContentClassAttributeID parameter to the advancedsearch feature.
Overview
  • CVE ID
  • CVE-2010-2672
  • Assigner
  • cve@mitre.org
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2010-07-08T22:30:01
  • Last Modified Date
  • 2010-07-09T04:00:00
Weakness Enumerations
CWE URL
CWE-89 http://cwe.mitre.org/data/definitions/89.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:ez:ez_publish:3.7.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:ez:ez_publish:3.7.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:ez:ez_publish:3.7.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:ez:ez_publish:3.7.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:ez:ez_publish:3.7.4:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:ez:ez_publish:3.7.5:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:ez:ez_publish:3.7.6:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:ez:ez_publish:3.7.7:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:ez:ez_publish:3.7.8:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:ez:ez_publish:3.7.9:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:ez:ez_publish:3.7.10:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:ez:ez_publish:3.7.11:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:ez:ez_publish:3.7.12:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:ez:ez_publish:4.2.0:*:*:*:*:*:*:* 1 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:N/AC:L/Au:N/C:P/I:P/A:P
  • Access Vector
  • NETWORK
  • Access Compatibility
  • LOW
  • Authentication
  • NONE
  • Confidentiality Impact
  • PARTIAL
  • Integrity Impact
  • PARTIAL
  • Availability Impact
  • PARTIAL
  • Base Score
  • 7.5
  • Severity
  • HIGH
  • Exploitability Score
  • 10
  • Impact Score
  • 6.4
References
Reference URL Reference Tags
http://secunia.com/advisories/39101 Vendor Advisory
http://osvdb.org/63237
http://ez.no/de/developer/security/security_advisories/ez_publish_4_2/ezsa_2010_001_remote_vulnerability_in_ez_search Patch Vendor Advisory
http://ez.no/de/content/download/321165/3192248/version/1/file/16397.diff Patch
http://ez.no/de/content/download/321166/3192253/version/1/file/16398.diff Patch
http://www.securityfocus.com/bid/38985
http://www.siberas.de/advisories/advisories_2010.html
http://osvdb.org/63238
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2010-2672
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2672
History
Created Old Value New Value Data Type Notes
2022-05-10 11:09:59 Added to TrackCVE