CVE-2022-25337Injection in EZ Platform Kernel

CWE-74InjectionCWE-269Improper Privilege ManagementCWE-416Use After FreeCWE-200Sensitive Information Exposure6 documents4 sources
Severity
9.8CRITICALNVD
CISA7.1
EPSS
0.5%
top 32.44%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Ibexa EZ Platform KernelEzsystems Ezpublish-kernel
Timeline
PublishedFeb 18
Latest updateNov 8

Description

Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3.x before 1.3.12 allows injection attacks via image filenames.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

Packagistezsystems/ezpublish-kernel7.5.07.5.26
NVDibexa/ez_platform_kernel1.3.01.3.12+1

🔴Vulnerability Details

2
GHSA
Code injection in ezsystems/ezpublish-kernel2022-02-19
OSV
Code injection in ezsystems/ezpublish-kernel2022-02-19

📋Vendor Advisories

3
CISA
Samsung Mobile Devices Improper Access Control Vulnerability2022-11-08
CISA
Samsung Mobile Devices Memory Corruption Vulnerability2022-11-08
CISA
Samsung Mobile Devices Improper Access Control Vulnerability2022-11-08