CVE-2022-25336

MEDIUM

Ibexa DXP ezsystems/ezpublish-kernel 7.5.x < 7.5.26 and 1.3.x < 1.3.12 - IDOR via Image Path and Filename


Description

Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3.x before 1.3.12 allows Insecure Direct Object Reference (IDOR) attacks against image files because the image path and filename can be correctly deduced.

Scores

CVSS v3 5.3
EPSS 0.0070
EPSS Percentile 48.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE
CWE-639
Status published
Products (2)
ezsystems/ezplatform-kernel 1.3.0 - 1.3.12 (Packagist)
ibexa/ez_platform_kernel 1.3.0 - 1.3.12
Published Feb 18, 2022
Tracked Since Feb 18, 2026