PT-2020-12336 · Ez Systems · Ezpublish-Kernel+1
Maxime Ropelewski
·
Published
2020-03-22
·
Updated
2022-05-24
·
CVE-2020-10806
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
eZ Publish Kernel versions 5.4.14.1 and earlier, 6.x versions prior to 6.13.6.2, 7.x versions prior to 7.5.6.2
eZ Publish Legacy versions 5.4.14.1 and earlier, 2017 versions prior to 2017.12.7.2, 2019 versions prior to 2019.03.4.2
Description
The issue allows remote attackers to execute arbitrary code by uploading PHP code, unless the vhost configuration permits only app.php execution.
Recommendations
For eZ Publish Kernel versions 5.4.14.1 and earlier, 6.x versions prior to 6.13.6.2, 7.x versions prior to 7.5.6.2, update to version 5.4.14.1, 6.13.6.2, or 7.5.6.2 respectively to resolve the issue.
For eZ Publish Legacy versions 5.4.14.1 and earlier, 2017 versions prior to 2017.12.7.2, 2019 versions prior to 2019.03.4.2, update to version 5.4.14.1, 2017.12.7.2, or 2019.03.4.2 respectively to resolve the issue.
As a temporary workaround, consider configuring the vhost to permit only app.php execution until a patch is available.
Fix
Unrestricted File Upload
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ezpublish-Kernel
Ez Publish Legacy