Page 2 of 6 results (0.019 seconds)

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0

Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3.x before 1.3.12 allows injection attacks via image filenames. Ibexa DXP ezsystems/ezpublish-kernel versiones 7.5.x anteriores a 7.5.26 y versiones 1.3.x anteriores a 1.3.12, permite ataques de inyección por medio de nombres de archivos de imágenes • https://developers.ibexa.co/security-advisories/ibexa-sa-2022-001-image-filenames-sanitization • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •