eZ Publish eZ Online Editor Extension Information Disclosure Vulnerability
BID:53544
Info
eZ Publish eZ Online Editor Extension Information Disclosure Vulnerability
| Bugtraq ID: | 53544 |
| Class: | Access Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | May 15 2012 12:00AM |
| Updated: | May 15 2012 12:00AM |
| Credit: | Yann Michard |
| Vulnerable: |
eZ Systems eZ Online Editor 5.4 eZ Systems eZ Online Editor 5.3 eZ Systems eZ Online Editor 5.2 eZ Systems eZ Online Editor 5.1 eZ Systems eZ Online Editor 5.0 |
| Not Vulnerable: |
eZ Systems eZ Online Editor 5.5 |
Discussion
eZ Publish eZ Online Editor Extension Information Disclosure Vulnerability
The eZ Online Editor extension for eZ Publish is prone to an information-disclosure vulnerability.
Successful exploits may allow attackers to obtain potentially sensitive information that may aid in other attacks.
eZ Online Editor versions 5.0 through 5.4 are vulnerable.
The eZ Online Editor extension for eZ Publish is prone to an information-disclosure vulnerability.
Successful exploits may allow attackers to obtain potentially sensitive information that may aid in other attacks.
eZ Online Editor versions 5.0 through 5.4 are vulnerable.
Exploit / POC
eZ Publish eZ Online Editor Extension Information Disclosure Vulnerability
An attacker can exploit this issue with a browser.
An attacker can exploit this issue with a browser.
Solution / Fix
eZ Publish eZ Online Editor Extension Information Disclosure Vulnerability
Solution:
Updates are available. Please see the references for more details.
Solution:
Updates are available. Please see the references for more details.
References
eZ Publish eZ Online Editor Extension Information Disclosure Vulnerability
References:
References:
- eZ Publish Homepage (eZ Systems)
- EZSA-2012-002: Information disclosure issue in ezoe extension (eZ Systems)