Unrated severity · NVD Advisory · Published Jul 8, 2010 · Updated Jun 16, 2026
CVE-2010-2672
Description
Multiple SQL injection vulnerabilities in eZ Publish 3.7.0 through 4.2.0 allow remote attackers to execute arbitrary SQL commands via the (1) SectionID and (2) SearchTimestamp parameters to the search feature and the (3) SearchContentClassAttributeID parameter to the advancedsearch feature.
Affected products
- cpe:2.3:a:ez:ez_publish:3.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:ez:ez_publish:3.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:ez:ez_publish:3.7.10:*:*:*:*:*:*:*
- cpe:2.3:a:ez:ez_publish:3.7.11:*:*:*:*:*:*:*
- cpe:2.3:a:ez:ez_publish:3.7.12:*:*:*:*:*:*:*
- cpe:2.3:a:ez:ez_publish:3.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:ez:ez_publish:3.7.3:*:*:*:*:*:*:*
- cpe:2.3:a:ez:ez_publish:3.7.4:*:*:*:*:*:*:*
- cpe:2.3:a:ez:ez_publish:3.7.5:*:*:*:*:*:*:*
- cpe:2.3:a:ez:ez_publish:3.7.6:*:*:*:*:*:*:*
- cpe:2.3:a:ez:ez_publish:3.7.7:*:*:*:*:*:*:*
- cpe:2.3:a:ez:ez_publish:3.7.8:*:*:*:*:*:*:*
- cpe:2.3:a:ez:ez_publish:3.7.9:*:*:*:*:*:*:*
- cpe:2.3:a:ez:ez_publish:4.2.0:*:*:*:*:*:*:*
- (no CPE) range: 3.7.0 - 4.2.0
References
- ez.no/de/content/download/321165/3192248/version/1/file/16397.diff (nvd; Patch)
- ez.no/de/content/download/321166/3192253/version/1/file/16398.diff (nvd; Patch)
- ez.no/de/developer/security/security_advisories/ez_publish_4_2/ezsa_2010_001_remote_vulnerability_in_ez_search (nvd; Patch, Vendor Advisory)
- secunia.com/advisories/39101 (nvd; Vendor Advisory)
- osvdb.org/63237 (nvd)
- osvdb.org/63238 (nvd)
- www.securityfocus.com/bid/38985 (nvd)
- www.siberas.de/advisories/advisories_2010.html (nvd)