eZ Publish SQL Injection and HTML Injection Vulnerabilities
BID:38985
Info
| Bugtraq ID: | 38985 |
| Class: | Input Validation Error |
| CVE: | CVE-2010-2671 CVE-2010-2672 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 26 2010 12:00AM |
| Updated: | Apr 13 2015 09:02PM |
| Credit: | Sebastian Apelt, Siberas |
| Vulnerable: | eZ publish 3.8.9, eZ publish 4.1, eZ publish 3.5, eZ publish 3.0 |
| Not Vulnerable: | |
Discussion
eZ Publish is prone to multiple SQL-injection vulnerabilities and an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied input.
An attacker may leverage the HTML-injection issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials, control how the site is viewed, and launch other attacks.
The attacker may exploit the SQL-injection issues to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Exploit / POC
An attacker can exploit these issues via a browser.
Solution / Fix
Solution:
Updates are available to address this issue. Please see the references for more information.
References
References:
- Advisories 2010 (Siberas)
- eZ Publish Homepage (eZ Publish)
- EZSA-2010-001: Remote vulnerability in eZ search (eZ Publish)