Skip to main content

Ez Platform Kernel

2 CVEs product

Monthly

CVE-2022-25337 PHP CRITICAL PATCH Act Now

Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3.x before 1.3.12 allows injection attacks via image filenames. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Ez Platform Kernel
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-25336 PHP MEDIUM PATCH This Month

Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3.x before 1.3.12 allows Insecure Direct Object Reference (IDOR) attacks against image files because the image path and filename can be. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ez Platform Kernel
NVD
CVSS 3.1
5.3
EPSS
0.7%
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3.x before 1.3.12 allows injection attacks via image filenames. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Ez Platform Kernel
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3.x before 1.3.12 allows Insecure Direct Object Reference (IDOR) attacks against image files because the image path and filename can be. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ez Platform Kernel
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy