siberas GmbH is a consulting company specializing in security analyses and penetration tests that provides you with vendor-independent, competent advice in the field of IT security.


EZ Publish "advancedsearch" function SQL Injection

Reference ID: SSA-1006
Publication date: 25.03.2010
Severity: critical
Discovered by: Sebastian Apelt

Affected versions: >= 3.7.0 and <= 4.2.0

A SQL injection vulnerability exists in the advancedsearch functionality of EZ Publish. If the parameter “SearchContentClassAttributeID” is passed to the application as an array, the array members are not validated properly. Like the search functionality described in SSA-1007, advancedsearch is usually accessible without authentication and therefore receives the same “critical” rating.

EZ Publish advisory
Patch: 16398.diff
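For triage on an affected installation, the following added example (not part of the original advisory and not EZ Publish code) scans web server access logs for requests in which "SearchContentClassAttributeID", in scalar or array form, carries a member that is not an integer. It assumes that legitimate attribute IDs are signed decimal integers and that logs use the combined format; the request path, addresses and log lines are constructed sample data.

```python
import re
from urllib.parse import parse_qsl

PARAM = "SearchContentClassAttributeID"
# Scalar form (PARAM) and PHP array forms (PARAM[], PARAM[0], PARAM[a][b]).
PARAM_RE = re.compile(r"^" + re.escape(PARAM) + r"(\[[^\]]*\])*$")
# Assumption: legitimate attribute IDs are signed decimal integers.
INT_RE = re.compile(r"^-?[0-9]{1,10}$")
# Request line inside a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')


def suspicious_members(target):
    """Return (key, value) pairs for PARAM whose value is not an integer."""
    query = target.partition("?")[2]
    hits = []
    # parse_qsl percent-decodes keys and values, so %5B%5D becomes [].
    for key, value in parse_qsl(query, keep_blank_values=True):
        if not PARAM_RE.match(key) or value == "":
            continue  # other parameters and empty members carry no data
        if not INT_RE.match(value):
            hits.append((key, value))
    return hits


def scan(lines):
    """Return [(line_number, hits)] for log lines with non-integer members."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if match:
            hits = suspicious_members(match.group(1))
            if hits:
                findings.append((number, hits))
    return findings


# Constructed sample log lines (documentation addresses, made-up values).
SAMPLE_LOG = [
    '192.0.2.10 - - [25/Mar/2010:10:00:01 +0100] "GET /content/advancedsearch?SearchText=news&SearchContentClassAttributeID=188 HTTP/1.1" 200 5120',
    '192.0.2.11 - - [25/Mar/2010:10:00:05 +0100] "GET /content/advancedsearch?SearchContentClassAttributeID%5B%5D=188&SearchContentClassAttributeID%5B%5D=12abc HTTP/1.1" 200 4100',
    '192.0.2.12 - - [25/Mar/2010:10:00:09 +0100] "GET /content/advancedsearch?SearchContentClassAttributeID[0]=7%29 HTTP/1.1" 200 4100',
    '192.0.2.13 - - [25/Mar/2010:10:00:12 +0100] "GET /content/advancedsearch?SearchContentClassAttributeID[]=5&SearchContentClassAttributeID[]=9 HTTP/1.1" 200 4100',
]

if __name__ == "__main__":
    for number, hits in scan(SAMPLE_LOG):
        print(f"line {number}: non-integer members {hits}")
```

Access logs record only the request line, so members submitted in a POST body are not visible to this check.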