Advisories for Composer/Ezsystems/Ezpublish-Legacy package

2024

EZsystems Remote code execution in file uploads

This Security Advisory is about a vulnerability in the way eZ Platform and eZ Publish Legacy handle file uploads, which can in the worst case lead to remote code execution (RCE), a very serious threat. An attacker would need access to uploading files to be able to exploit the vulnerability, so if you have strict controls on this and trust all who have this permission, you're not affected. On the …

eZ Publish Legacy Patch EZSA-2018-001 for Several vulnerabilities

This security advisory fixes 4 separate vulnerabilities in eZ Publish Legacy, and we recommend that you install it as soon as possible if you are using Legacy by itself or via the LegacyBridge. First, it increases the randomness, and thus the security, of the pseudo-random bytes used to generate a hash for the "forgot password" feature. This protects accounts against being taken over through attacks trying to predict the hash. …

eZ Publish Legacy Passwordless login for LDAP users

This security advisory fixes a vulnerability in eZ Publish Legacy, and we recommend that you install it as soon as possible if you are using Legacy. Installations that are using the legacy LDAP login handler or the TextFile login handler in combination with the standard legacy login handler may in rare cases be vulnerable to a failure of the standard login handler to verify passwords correctly, allowing unauthorised access. If …

eZ Publish Legacy Cross-site Scripting (XSS) in 'disabled module' error template

This security advisory fixes a vulnerability in eZ Publish Legacy, and we recommend that you install it as soon as possible if you are using Legacy via the LegacyBridge. Installations where all modules are disabled may be vulnerable to XSS injection in the module name. This is a rare configuration, but we still recommend installing the update, which adds the necessary input washing. To install, use Composer to update to …

eZ Publish Information disclosure in backend content tree menu

This security advisory fixes an information disclosure vulnerability in the legacy admin content tree menu. If a view has been disabled in site.ini [SiteAccessRules] Rules, and an attacker accesses the backend with the URL to this module, then the tree menu may be displayed. Since the tree menu may contain hidden items, this may lead to information disclosure. We recommend that you install this Security Update as soon as possible. …

Ez Platform Object Injection in legacy shop module

This Security Advisory is about a vulnerability in the Legacy shop module. A backend editor could perform object injection in discount rules. This would require backend access and permission to edit discount rules. While object injection in itself is a serious vulnerability, the permission requirement means that normally only administrators would be able to exploit it, which is why it was classified as Medium severity.

Ez Platform and Legacy are prone to an insecure interpretation of PHP/PHAR uploads

The eZ Platform and Legacy are affected by an issue related to how uploaded PHP and PHAR files are handled. The issue consists of two parts: 1. Web server configuration, and 2. Disabling the PHAR stream wrapper. 1. WEB SERVER CONFIGURATION: The sample web server configuration in our documentation can in some cases allow the execution of uploaded PHP/PHAR code. This can be abused to allow privilege escalation and breach of …
