Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Unrestricted file upload vulnerability in eZ publish 3.5 before 3.5.5, 3.6 before 3.6.2, 3.7 before 3.7.0rc2, and 3.8 before 20050922 does not restrict Image datatype uploads to image content types, which allows remote authenticated users to upload certain types of files, as demonstrated by .js files, which may enable cross-site scripting (XSS) attacks or other attacks.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
eZ publish未限制文件上载漏洞
Vulnerability Description
eZ publish 3.5的3.5.5之前版本,3.6的3.6.2之前版本,3.7的3.7.0rc2之前版本和3.8的20050922之前版本存在未限制文件上载漏洞,它没有限制图片数据类型为图片内容类型,远程认证用户可上载某些文件类型,如.js文件,从而可能引起跨站脚本攻击或其他攻击。
CVSS Information
N/A
Vulnerability Type
N/A