eZ Community » Security Advisories » EZSA-2016-005: SQL injection on...

EZSA-2016-005: SQL injection on content view after language parameters

Publication date : 13/09/2016
Severity : High
Affected versions : 4.4-5.4, all community versions at time of writing (legacy only)
Resolving versions : 5.4.7, 5.3.9, and published service packs for all other supported versions

An SQL injection security breach has been detected, which allows SQL statements to be executed after language view parameters. We strongly recommend that you install this Security Update as soon as possible.

Patch for eZ Publish (legacy): https://github.com/ezsystems/ezpublish-legacy/commit/2d4a7bcffd96e472972fbd0a78185b1adf81f17c

36 542 Users on board!

Community Project menu

Proudly Developed with from