eZ Publish 'eZ Flow' Extension Security Bypass Vulnerability
BID:53545
Info
eZ Publish 'eZ Flow' Extension Security Bypass Vulnerability
| Bugtraq ID: | 53545 |
| Class: | Design Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | May 15 2012 12:00AM |
| Updated: | Mar 19 2015 08:30AM |
| Credit: | Yann MICHARD |
| Vulnerable: |
eZ Systems eZ Flow 2.4 eZ Systems eZ Flow 2.3 eZ Systems eZ Flow 2.2 eZ Systems eZ Flow 2.1 eZ Systems eZ Flow 2.0 |
| Not Vulnerable: | |
Discussion
eZ Publish 'eZ Flow' Extension Security Bypass Vulnerability
The 'eZ Flow' extension of eZ Publish is prone to a security-bypass vulnerability.
Attackers may exploit this issue to bypass certain security restrictions and perform unauthorized actions.
http://drupal.org/node/207891
The 'eZ Flow' extension of eZ Publish is prone to a security-bypass vulnerability.
Attackers may exploit this issue to bypass certain security restrictions and perform unauthorized actions.
http://drupal.org/node/207891
Exploit / POC
eZ Publish 'eZ Flow' Extension Security Bypass Vulnerability
Currently we are not aware of any exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently we are not aware of any exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
eZ Publish 'eZ Flow' Extension Security Bypass Vulnerability
Solution:
Updates are available. Please see the reference for more details.
Solution:
Updates are available. Please see the reference for more details.
References
eZ Publish 'eZ Flow' Extension Security Bypass Vulnerability
References:
References:
- eZ Publish Homepage (eZ Systems AS)
- EZSA-2012-005: Block handling access check issue in ezflow extension (eZ Community)