Unrated severity · NVD Advisory · Published Jul 8, 2010 · Updated Apr 29, 2026
CVE-2010-2672
Description
Multiple SQL injection vulnerabilities in eZ Publish 3.7.0 through 4.2.0 allow remote attackers to execute arbitrary SQL commands via the (1) SectionID and (2) SearchTimestamp parameters to the search feature and the (3) SearchContentClassAttributeID parameter to the advancedsearch feature.
Affected products
- cpe:2.3:a:ez:ez_publish:3.7.8:*:*:*:*:*:*:*
- cpe:2.3:a:ez:ez_publish:3.7.9:*:*:*:*:*:*:*
- cpe:2.3:a:ez:ez_publish:3.7.10:*:*:*:*:*:*:*
- cpe:2.3:a:ez:ez_publish:3.7.11:*:*:*:*:*:*:*
- cpe:2.3:a:ez:ez_publish:3.7.12:*:*:*:*:*:*:*
- cpe:2.3:a:ez:ez_publish:4.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:ez:ez_publish:3.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:ez:ez_publish:3.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:ez:ez_publish:3.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:ez:ez_publish:3.7.3:*:*:*:*:*:*:*
- cpe:2.3:a:ez:ez_publish:3.7.4:*:*:*:*:*:*:*
- cpe:2.3:a:ez:ez_publish:3.7.5:*:*:*:*:*:*:*
- cpe:2.3:a:ez:ez_publish:3.7.6:*:*:*:*:*:*:*
- cpe:2.3:a:ez:ez_publish:3.7.7:*:*:*:*:*:*:*
Patches
No patches discovered yet.
References
- ez.no/de/content/download/321165/3192248/version/1/file/16397.diff (nvd; Patch)
- ez.no/de/content/download/321166/3192253/version/1/file/16398.diff (nvd; Patch)
- ez.no/de/developer/security/security_advisories/ez_publish_4_2/ezsa_2010_001_remote_vulnerability_in_ez_search (nvd; Patch, Vendor Advisory)
- secunia.com/advisories/39101 (nvd; Vendor Advisory)
- osvdb.org/63237 (nvd)
- osvdb.org/63238 (nvd)
- www.securityfocus.com/bid/38985 (nvd)
- www.siberas.de/advisories/advisories_2010.html (nvd)