CVE-2010-2672 - Vulnerability Details

Vendors	Products
Ez	Ez Publish

Link	Providers
http://ez.no/de/content/download/321165/3192248/version/1/file/16397.diff
http://ez.no/de/content/download/321166/3192253/version/1/file/16398.diff
http://ez.no/de/developer/security/security_advisories/ez_publish_4_2/ezsa_2010_001_remote_vulnerability_in_ez_search
http://osvdb.org/63237
http://osvdb.org/63238
http://secunia.com/advisories/39101
http://www.securityfocus.com/bid/38985
http://www.siberas.de/advisories/advisories_2010.html

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in eZ Publish 3.7.0 through 4.2.0 allow remote attackers to execute arbitrary SQL commands via the (1) SectionID and (2) SearchTimestamp parameters to the search feature and the (3) SearchContentClassAttributeID parameter to the advancedsearch feature."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2010-07-08T22:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.siberas.de/advisories/advisories_2010.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://ez.no/de/content/download/321165/3192248/version/1/file/16397.diff"}, {"name": "63237", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/63237"}, {"name": "39101", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/39101"}, {"name": "38985", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/38985"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://ez.no/de/content/download/321166/3192253/version/1/file/16398.diff"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://ez.no/de/developer/security/security_advisories/ez_publish_4_2/ezsa_2010_001_remote_vulnerability_in_ez_search"}, {"name": "63238", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/63238"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-2672", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple SQL injection vulnerabilities in eZ Publish 3.7.0 through 4.2.0 allow remote attackers to execute arbitrary SQL commands via the (1) SectionID and (2) SearchTimestamp parameters to the search feature and the (3) SearchContentClassAttributeID parameter to the advancedsearch feature."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.siberas.de/advisories/advisories_2010.html", "refsource": "MISC", "url": "http://www.siberas.de/advisories/advisories_2010.html"}, {"name": "http://ez.no/de/content/download/321165/3192248/version/1/file/16397.diff", "refsource": "CONFIRM", "url": "http://ez.no/de/content/download/321165/3192248/version/1/file/16397.diff"}, {"name": "63237", "refsource": "OSVDB", "url": "http://osvdb.org/63237"}, {"name": "39101", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/39101"}, {"name": "38985", "refsource": "BID", "url": "http://www.securityfocus.com/bid/38985"}, {"name": "http://ez.no/de/content/download/321166/3192253/version/1/file/16398.diff", "refsource": "CONFIRM", "url": "http://ez.no/de/content/download/321166/3192253/version/1/file/16398.diff"}, {"name": "http://ez.no/de/developer/security/security_advisories/ez_publish_4_2/ezsa_2010_001_remote_vulnerability_in_ez_search", "refsource": "CONFIRM", "url": "http://ez.no/de/developer/security/security_advisories/ez_publish_4_2/ezsa_2010_001_remote_vulnerability_in_ez_search"}, {"name": "63238", "refsource": "OSVDB", "url": "http://osvdb.org/63238"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T02:39:37.992Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.siberas.de/advisories/advisories_2010.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://ez.no/de/content/download/321165/3192248/version/1/file/16397.diff"}, {"name": "63237", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/63237"}, {"name": "39101", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/39101"}, {"name": "38985", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/38985"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://ez.no/de/content/download/321166/3192253/version/1/file/16398.diff"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://ez.no/de/developer/security/security_advisories/ez_publish_4_2/ezsa_2010_001_remote_vulnerability_in_ez_search"}, {"name": "63238", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/63238"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-2672", "datePublished": "2010-07-08T22:00:00Z", "dateReserved": "2010-07-08T00:00:00Z", "dateUpdated": "2024-09-16T20:22:49.900Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : Multiple SQL injection vulnerabilities in eZ Publish 3.7.0 through 4.2.0 allow remote attackers to execute arbitrary SQL commands via the (1) SectionID and (2) SearchTimestamp parameters to the search feature and the (3) SearchContentClassAttributeID parameter to the advancedsearch feature. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2010-07-08T22:00:00Z (string)

orgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

shortName : mitre (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : http://www.siberas.de/advisories/advisories_2010.html (string)

}

1 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://ez.no/de/content/download/321165/3192248/version/1/file/16397.diff (string)

}

2 : { »

name : 63237 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_OSVDB (string)

]

url : http://osvdb.org/63237 (string)

}

3 : { »

name : 39101 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

]

url : http://secunia.com/advisories/39101 (string)

}

4 : { »

name : 38985 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

]

url : http://www.securityfocus.com/bid/38985 (string)

}

5 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://ez.no/de/content/download/321166/3192253/version/1/file/16398.diff (string)

}

6 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://ez.no/de/developer/security/security_advisories/ez_publish_4_2/ezsa_2010_001_remote_vulnerability_in_ez_search (string)

}

7 : { »

name : 63238 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_OSVDB (string)

]

url : http://osvdb.org/63238 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : cve@mitre.org (string)

ID : CVE-2010-2672 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : n/a (string)

version : { »

version_data : [ »

0 : { »

version_value : n/a (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : Multiple SQL injection vulnerabilities in eZ Publish 3.7.0 through 4.2.0 allow remote attackers to execute arbitrary SQL commands via the (1) SectionID and (2) SearchTimestamp parameters to the search feature and the (3) SearchContentClassAttributeID parameter to the advancedsearch feature. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : n/a (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : http://www.siberas.de/advisories/advisories_2010.html (string)

refsource : MISC (string)

url : http://www.siberas.de/advisories/advisories_2010.html (string)

}

1 : { »

name : http://ez.no/de/content/download/321165/3192248/version/1/file/16397.diff (string)

refsource : CONFIRM (string)

url : http://ez.no/de/content/download/321165/3192248/version/1/file/16397.diff (string)

}

2 : { »

name : 63237 (string)

refsource : OSVDB (string)

url : http://osvdb.org/63237 (string)

}

3 : { »

name : 39101 (string)

refsource : SECUNIA (string)

url : http://secunia.com/advisories/39101 (string)

}

4 : { »

name : 38985 (string)

refsource : BID (string)

url : http://www.securityfocus.com/bid/38985 (string)

}

5 : { »

name : http://ez.no/de/content/download/321166/3192253/version/1/file/16398.diff (string)

refsource : CONFIRM (string)

url : http://ez.no/de/content/download/321166/3192253/version/1/file/16398.diff (string)

}

6 : { »

name : http://ez.no/de/developer/security/security_advisories/ez_publish_4_2/ezsa_2010_001_remote_vulnerability_in_ez_search (string)

refsource : CONFIRM (string)

url : http://ez.no/de/developer/security/security_advisories/ez_publish_4_2/ezsa_2010_001_remote_vulnerability_in_ez_search (string)

}

7 : { »

name : 63238 (string)

refsource : OSVDB (string)

url : http://osvdb.org/63238 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-07T02:39:37.992Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : http://www.siberas.de/advisories/advisories_2010.html (string)

}

1 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://ez.no/de/content/download/321165/3192248/version/1/file/16397.diff (string)

}

2 : { »

name : 63237 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_OSVDB (string)

2 : x_transferred (string)

]

url : http://osvdb.org/63237 (string)

}

3 : { »

name : 39101 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

2 : x_transferred (string)

]

url : http://secunia.com/advisories/39101 (string)

}

4 : { »

name : 38985 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

2 : x_transferred (string)

]

url : http://www.securityfocus.com/bid/38985 (string)

}

5 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://ez.no/de/content/download/321166/3192253/version/1/file/16398.diff (string)

}

6 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://ez.no/de/developer/security/security_advisories/ez_publish_4_2/ezsa_2010_001_remote_vulnerability_in_ez_search (string)

}

7 : { »

name : 63238 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_OSVDB (string)

2 : x_transferred (string)

]

url : http://osvdb.org/63238 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

assignerShortName : mitre (string)

cveId : CVE-2010-2672 (string)

datePublished : 2010-07-08T22:00:00Z (string)

dateReserved : 2010-07-08T00:00:00Z (string)

dateUpdated : 2024-09-16T20:22:49.900Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ez:ez_publish:3.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "DDF55F25-B30D-4FC9-ADA7-7F185CD5338F", "vulnerable": true}, {"criteria": "cpe:2.3:a:ez:ez_publish:3.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "8CC77C98-2C37-49CE-AFB4-49D84BEC78FE", "vulnerable": true}, {"criteria": "cpe:2.3:a:ez:ez_publish:3.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "568B3930-DDA1-4582-B1E8-BA4B4E83E49B", "vulnerable": true}, {"criteria": "cpe:2.3:a:ez:ez_publish:3.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "24159950-04AD-43EA-BEC5-C306A438CEDF", "vulnerable": true}, {"criteria": "cpe:2.3:a:ez:ez_publish:3.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "2AF33FE5-094B-42E3-AFB4-EE344A0161D9", "vulnerable": true}, {"criteria": "cpe:2.3:a:ez:ez_publish:3.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "00844C2C-259B-4685-9B26-F9AD6B8C2019", "vulnerable": true}, {"criteria": "cpe:2.3:a:ez:ez_publish:3.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "E1E923D5-B60D-4822-B1A7-AB3B32D3BA0B", "vulnerable": true}, {"criteria": "cpe:2.3:a:ez:ez_publish:3.7.7:*:*:*:*:*:*:*", "matchCriteriaId": "076912DC-A491-4572-A5F8-8E16783990BE", "vulnerable": true}, {"criteria": "cpe:2.3:a:ez:ez_publish:3.7.8:*:*:*:*:*:*:*", "matchCriteriaId": "34BB6ECF-28F3-429B-96C4-EC4A49CFEE06", "vulnerable": true}, {"criteria": "cpe:2.3:a:ez:ez_publish:3.7.9:*:*:*:*:*:*:*", "matchCriteriaId": "63C48844-569E-4274-B039-285D20A257E6", "vulnerable": true}, {"criteria": "cpe:2.3:a:ez:ez_publish:3.7.10:*:*:*:*:*:*:*", "matchCriteriaId": "E0853588-C50C-4BE0-9594-D015153E78FA", "vulnerable": true}, {"criteria": "cpe:2.3:a:ez:ez_publish:3.7.11:*:*:*:*:*:*:*", "matchCriteriaId": "E618D0C6-1679-44A2-B809-451E6EBDA57F", "vulnerable": true}, {"criteria": "cpe:2.3:a:ez:ez_publish:3.7.12:*:*:*:*:*:*:*", "matchCriteriaId": "F050C746-AC77-4C50-BA1E-7308415C56E3", "vulnerable": true}, {"criteria": "cpe:2.3:a:ez:ez_publish:4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "D41CE6FC-9CCB-4D26-9F93-F9FBD2381A8E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in eZ Publish 3.7.0 through 4.2.0 allow remote attackers to execute arbitrary SQL commands via the (1) SectionID and (2) SearchTimestamp parameters to the search feature and the (3) SearchContentClassAttributeID parameter to the advancedsearch feature."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en eZ Publish v3.7.0 hasta v4.2.0 permite a atacantes remotos ejecutar comandos SQL a trav\u00e9s de los par\u00e1metros (1) SectionID y (2) SearchTimestamp a la caracter\u00edstica de b\u00fasqueda y (3) par\u00e1metro SearchContentClassAttributeID a la funci\u00f3n advancedsearch."}], "id": "CVE-2010-2672", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2010-07-08T22:30:01.390", "references": [{"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://ez.no/de/content/download/321165/3192248/version/1/file/16397.diff"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://ez.no/de/content/download/321166/3192253/version/1/file/16398.diff"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://ez.no/de/developer/security/security_advisories/ez_publish_4_2/ezsa_2010_001_remote_vulnerability_in_ez_search"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/63237"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/63238"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/39101"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/38985"}, {"source": "cve@mitre.org", "url": "http://www.siberas.de/advisories/advisories_2010.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://ez.no/de/content/download/321165/3192248/version/1/file/16397.diff"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://ez.no/de/content/download/321166/3192253/version/1/file/16398.diff"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://ez.no/de/developer/security/security_advisories/ez_publish_4_2/ezsa_2010_001_remote_vulnerability_in_ez_search"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/63237"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/63238"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/39101"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/38985"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.siberas.de/advisories/advisories_2010.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:ez:ez_publish:3.7.0:*:*:*:*:*:*:* (string)

matchCriteriaId : DDF55F25-B30D-4FC9-ADA7-7F185CD5338F (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:ez:ez_publish:3.7.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 8CC77C98-2C37-49CE-AFB4-49D84BEC78FE (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:ez:ez_publish:3.7.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 568B3930-DDA1-4582-B1E8-BA4B4E83E49B (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:ez:ez_publish:3.7.3:*:*:*:*:*:*:* (string)

matchCriteriaId : 24159950-04AD-43EA-BEC5-C306A438CEDF (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:ez:ez_publish:3.7.4:*:*:*:*:*:*:* (string)

matchCriteriaId : 2AF33FE5-094B-42E3-AFB4-EE344A0161D9 (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:ez:ez_publish:3.7.5:*:*:*:*:*:*:* (string)

matchCriteriaId : 00844C2C-259B-4685-9B26-F9AD6B8C2019 (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:a:ez:ez_publish:3.7.6:*:*:*:*:*:*:* (string)

matchCriteriaId : E1E923D5-B60D-4822-B1A7-AB3B32D3BA0B (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:a:ez:ez_publish:3.7.7:*:*:*:*:*:*:* (string)

matchCriteriaId : 076912DC-A491-4572-A5F8-8E16783990BE (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:a:ez:ez_publish:3.7.8:*:*:*:*:*:*:* (string)

matchCriteriaId : 34BB6ECF-28F3-429B-96C4-EC4A49CFEE06 (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:a:ez:ez_publish:3.7.9:*:*:*:*:*:*:* (string)

matchCriteriaId : 63C48844-569E-4274-B039-285D20A257E6 (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:a:ez:ez_publish:3.7.10:*:*:*:*:*:*:* (string)

matchCriteriaId : E0853588-C50C-4BE0-9594-D015153E78FA (string)

vulnerable : true (boolean)

}

11 : { »

criteria : cpe:2.3:a:ez:ez_publish:3.7.11:*:*:*:*:*:*:* (string)

matchCriteriaId : E618D0C6-1679-44A2-B809-451E6EBDA57F (string)

vulnerable : true (boolean)

}

12 : { »

criteria : cpe:2.3:a:ez:ez_publish:3.7.12:*:*:*:*:*:*:* (string)

matchCriteriaId : F050C746-AC77-4C50-BA1E-7308415C56E3 (string)

vulnerable : true (boolean)

}

13 : { »

criteria : cpe:2.3:a:ez:ez_publish:4.2.0:*:*:*:*:*:*:* (string)

matchCriteriaId : D41CE6FC-9CCB-4D26-9F93-F9FBD2381A8E (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : Multiple SQL injection vulnerabilities in eZ Publish 3.7.0 through 4.2.0 allow remote attackers to execute arbitrary SQL commands via the (1) SectionID and (2) SearchTimestamp parameters to the search feature and the (3) SearchContentClassAttributeID parameter to the advancedsearch feature. (string)

}

1 : { »

lang : es (string)

value : Múltiples vulnerabilidades de inyección SQL en eZ Publish v3.7.0 hasta v4.2.0 permite a atacantes remotos ejecutar comandos SQL a través de los parámetros (1) SectionID y (2) SearchTimestamp a la característica de búsqueda y (3) parámetro SearchContentClassAttributeID a la función advancedsearch. (string)

}

]

id : CVE-2010-2672 (string)

lastModified : 2025-04-11T00:51:21.963 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : HIGH (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : PARTIAL (string)

baseScore : 7.5 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : PARTIAL (string)

vectorString : AV:N/AC:L/Au:N/C:P/I:P/A:P (string)

version : 2.0 (string)

}

exploitabilityScore : 10 (number)

impactScore : 6.4 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

}

published : 2010-07-08T22:30:01.390 (string)

references : [ »

0 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Patch (string)

]

url : http://ez.no/de/content/download/321165/3192248/version/1/file/16397.diff (string)

}

1 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Patch (string)

]

url : http://ez.no/de/content/download/321166/3192253/version/1/file/16398.diff (string)

}

2 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Patch (string)

1 : Vendor Advisory (string)

]

url : http://ez.no/de/developer/security/security_advisories/ez_publish_4_2/ezsa_2010_001_remote_vulnerability_in_ez_search (string)

}

3 : { »

source : cve@mitre.org (string)

url : http://osvdb.org/63237 (string)

}

4 : { »

source : cve@mitre.org (string)

url : http://osvdb.org/63238 (string)

}

5 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : http://secunia.com/advisories/39101 (string)

}

6 : { »

source : cve@mitre.org (string)

url : http://www.securityfocus.com/bid/38985 (string)

}

7 : { »

source : cve@mitre.org (string)

url : http://www.siberas.de/advisories/advisories_2010.html (string)

}

8 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : http://ez.no/de/content/download/321165/3192248/version/1/file/16397.diff (string)

}

9 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : http://ez.no/de/content/download/321166/3192253/version/1/file/16398.diff (string)

}

10 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

1 : Vendor Advisory (string)

]

url : http://ez.no/de/developer/security/security_advisories/ez_publish_4_2/ezsa_2010_001_remote_vulnerability_in_ez_search (string)

}

11 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://osvdb.org/63237 (string)

}

12 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://osvdb.org/63238 (string)

}

13 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : http://secunia.com/advisories/39101 (string)

}

14 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.securityfocus.com/bid/38985 (string)

}

15 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.siberas.de/advisories/advisories_2010.html (string)

}

]

sourceIdentifier : cve@mitre.org (string)

vulnStatus : Deferred (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-89 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object