ezsystems/ezpublish-legacy Security Advisories for v2017.12.2.2 (6)
-
[CRITICAL] eZ Publish Kernel and Legacy Unrestricted Upload of File with Dangerous Type
PKSA-x1cq-96j3-vfs9 CVE-2020-10806 GHSA-54p5-gxq6-j98g
Affected version: >=2019,<2019.03.4.2|>=2017,<2017.12.7.2|<5.4.14.1
Reported by:
GitHub -
IBEXA-SA-2020-006 Object Injection in legacy shop module
Affected version: >=2019.3.0,<2019.3.5.1|>=2017.12.0,<2017.12.7.3|>=5.4.0,<5.4.14.2
Reported by:
FriendsOfPHP/security-advisories -
EZSA-2020-001 Remote code execution in file uploads
Affected version: >=2019.3.0,<2019.3.4.2|>=2017.12.0,<2017.12.7.2|>=5.4.0,<5.4.14.1
Reported by:
FriendsOfPHP/security-advisories -
EZSA-2018-009 Do not interpret PHP/PHAR uploads
Affected version: >=2018.9.0,<2018.9.1.3|>=2018.6.0,<2018.6.1.4|>=2011.0.0,<2017.12.4.3|>=5.4.0,<5.4.12.3|>=5.3.0,<5.3.12.6
Reported by:
FriendsOfPHP/security-advisories -
[HIGH] EZSA-2018-006 XSS vulnerability in 'disabled module' error template
PKSA-n31w-wzc4-zw3b GHSA-jpwx-ffjq-wr4w
Affected version: >=2018.9.0,<2018.9.1.2|>=2018.6.0,<2018.6.1.3|>=2011.0.0,<2017.12.4.2|>=5.4.0,<5.4.12.2|>=5.3.0,<5.3.12.5
Reported by:
FriendsOfPHP/security-advisories, GitHub -
EZSA-2018-005 Passwordless login for LDAP users
Affected version: >=2018.9.0,<2018.9.1.1|>=2018.6.0,<2018.6.1.2|>=2011.0.0,<2017.12.4.1|>=5.4.0,<5.4.12.1|>=5.3.0,<5.3.12.4
Reported by:
FriendsOfPHP/security-advisories