Die siberas GmbH ein auf Sicherheitsanalysen und Penetrationstests spezialisiertes Beratungsunternehmen, welches Sie herstellerunabhängig und kompetent im Bereich IT-Sicherheit berät.
EZ Publish "advancedsearch" function SQL Injection
Reference ID: SSA-1006Affected versions: >= 3.7.0 and <= 4.2.0
A SQL-Injection vulnerability exists in the advancedsearch functionality of EZ Publish. If the parameter “SearchContentClassAttributeID” is passed to the application as an array the array members are not getting validated properly. Just like the search functionality described in SSA-1007 advancedsearch is usually accessible without authentication and thus gets the same “critical” rating.
References:
EZ Publish advisory
Patch: 16398.diff