Injection Attacks via Image Filenames in Ibexa DXP ezsystems/ezpublish-kernel 7.5.x and 1.3.x

Injection Attacks via Image Filenames in Ibexa DXP ezsystems/ezpublish-kernel 7.5.x and 1.3.x

CVE-2022-25337 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3.x before 1.3.12 allows injection attacks via image filenames.

Learn more about our Web Application Penetration Testing UK.