CVE-2022-25337
CRITICAL
Ibexa DXP ezsystems/ezpublish-kernel 7.5.0-7.5.25 and 1.3.0-1.3.11 - Injection via Image Filenames
Title source: llm
Description
Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3.x before 1.3.12 allows injection attacks via image filenames.
References (1)
Core References
Mitigation, Vendor Advisory x_refsource_misc
https://developers.ibexa.co/security-advisories/ibexa-sa-2022-001-image-filenames-sanitization
Scores
CVSS v3
9.8
EPSS
0.0104
EPSS Percentile
59.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-74
Status
published
Products (2)
ezsystems/ezpublish-kernel
7.5.0 - 7.5.26 (Packagist)
ibexa/ez_platform_kernel
1.3.0 - 1.3.12
Published
Feb 18, 2022
Tracked Since
Feb 18, 2026