ezsystems/ezpublish-legacy Security Advisories for v2015.01.1 (6)
-
[HIGH] eZ Publish Information disclosure in backend content tree menu
PKSA-z8zn-1svn-qf72 GHSA-cc2j-92jq-wgjg
Affected version: >=5.3.0,<5.3.12.2|>=5.4.0,<5.4.10.1|>=2011.0.0,<2017.8.1.1
Reported by:
GitHub -
[HIGH] EZSA-2018-009 Do not interpret PHP/PHAR uploads
PKSA-pyck-srww-rjvt GHSA-9895-26wr-4fgv
Affected version: >=2018.9.0,<2018.9.1.3|>=2018.6.0,<2018.6.1.4|>=2011.0.0,<2017.12.4.3|>=5.4.0,<5.4.12.3|>=5.3.0,<5.3.12.6
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[HIGH] EZSA-2018-006 XSS vulnerability in 'disabled module' error template
PKSA-n31w-wzc4-zw3b GHSA-jpwx-ffjq-wr4w
Affected version: >=2018.9.0,<2018.9.1.2|>=2018.6.0,<2018.6.1.3|>=2011.0.0,<2017.12.4.2|>=5.4.0,<5.4.12.2|>=5.3.0,<5.3.12.5
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[MEDIUM] EZSA-2018-005 Passwordless login for LDAP users
PKSA-4hqb-7wxf-8qrs GHSA-2vh3-cj9j-mcj5
Affected version: >=2018.9.0,<2018.9.1.1|>=2018.6.0,<2018.6.1.2|>=2011.0.0,<2017.12.4.1|>=5.4.0,<5.4.12.1|>=5.3.0,<5.3.12.4
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[MEDIUM] EZSA-2018-001 Several vulnerabilities in Forgot password, Information collector, XML text, and Matrix field type features
PKSA-12d4-fcmc-ws8v GHSA-39j2-4p9j-5w4j
Affected version: >=2011.0.0,<2017.12.2.1|>=5.4.0,<5.4.11.3|>=5.3.0,<5.3.12.3
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[MEDIUM] EZSA-2017-006 Information disclosure in backend content tree menu
PKSA-h4ds-xj4t-xwqp GHSA-pqjm-xcp8-wgmm
Affected version: >=2011.0.0,<2017.8.1.1|>=5.4.0,<5.4.10.1|>=5.3.0,<5.3.12.2
Reported by:
FriendsOfPHP/security-advisories, GitHub