EZSA-2012-004: Content removal access check issue in ezstyleeditor extension

Publication date: 26/03/2012
Severity: High
Affected versions: eZ Style Editor 1.4, 1.3, 1.2, 1.1, 1.0
Resolving versions: eZ Style Editor 1.5
References: EZSA-2012-001, EZSA-2012-002, EZSA-2012-003, EZSA-2012-005

This Security Advisory covers an issue related to image removal in the eZ Style Editor extension. An attacker may be able to delete any object by knowing or guessing its node ID. This vulnerability can be exploited by anonymous users, and it is strongly recommended to install this patch as soon as possible.

We recommend that you disable this extension until you have installed this patch.

Patch available on GitHub (see link below).
A Security Update with the reference EZPESU-2012-004-EZSTYLEEDITOR1.x is available for eZ Publish Enterprise customers.


eZ Systems would like to thank Yann MICHARD at security consulting company OPPIDA for contributing information that led us to the discovery of this vulnerability.


