Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3.x before 1.3.12 allows Insecure Direct Object Reference (IDOR) attacks against image files because the image path and filename can be correctly deduced.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Ibexa DXP 安全漏洞
Vulnerability Description
Ibexa Dxp是挪威Ibexa公司的一个单一的技术堆栈数字体验平台。用于帮助 B2B 公司将传统的销售策略转变为无摩擦的购买体验。 Ibexa DXP ezsystems/ezpublish-kernel 存在安全漏洞,该漏洞源于7.5.26 之前的 Ibexa DXP ezsystems/ezpublish-kernel的7.5.x 版本和 1.3.12 之前的 1.3.x版本允许对图像文件进行不安全直接对象引用 (IDOR) 攻击,因为可以正确推断图像路径和文件名。
CVSS Information
N/A
Vulnerability Type
N/A