PT-2018-4202 · Brookins Consulting+1 · Collected Information Export Extension+1

Published

2018-04-27

Updated

2018-06-06

CVE-2014-2552

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Brookins Consulting (BC) Collected Information Export extension for eZ Publish version 1.1.0

Description The issue allows remote attackers to gain access to sensitive data due to improper access restriction.

Recommendations For version 1.1.0, update the extension to properly restrict access to sensitive data, or consider disabling the extension until a proper fix is available.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2014-2552

Affected Products

Collected Information Export Extension

Ez Publish

PT-2018-4202 · Brookins Consulting+1 · Collected Information Export Extension+1

CVE-2014-2552

Weakness Enumeration

Related Identifiers

Affected Products

References · 4