Insecure Direct Object Reference (IDOR) Vulnerability in Ibexa DXP ezsystems/ezpublish-kernel 7.5.x and 1.3.x

Insecure Direct Object Reference (IDOR) Vulnerability in Ibexa DXP ezsystems/ezpublish-kernel 7.5.x and 1.3.x

CVE-2022-25336 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3.x before 1.3.12 allows Insecure Direct Object Reference (IDOR) attacks against image files because the image path and filename can be correctly deduced.

Learn more about our Web Application Penetration Testing UK.