Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3.x before 1.3.12 allows injection attacks via image filenames.
References
Link | Resource |
---|---|
https://developers.ibexa.co/security-advisories/ibexa-sa-2022-001-image-filenames-sanitization | Mitigation Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2022-02-18 18:15
Updated : 2024-02-28 19:09
NVD link : CVE-2022-25337
Mitre link : CVE-2022-25337
CVE.ORG link : CVE-2022-25337
JSON object : View
Products Affected
ibexa
- ez_platform_kernel
CWE
CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')