Security advisory: IBEXA-SA-2021-001

SQL injection vulnerability in EcontentController
Publication date:
02/02/2021, 13:55

Severity:
High

Affected versions: ezsystems/ezcommerce-admin-ui v1.1.3, v1.2.0, ezsystems/ezcommerce-erp-admin v2.5.1
Resolving versions: ezsystems/ezcommerce-admin-ui v1.1.3.1, v1.2.0.1, ezsystems/ezcommerce-erp-admin v2.5.1.1

This Security Advisory is about a vulnerability in Ibexa Commerce. There is an SQL injection vulnerability in EcontentController. The fix is distributed via Composer, see resolving versions above.

If you come across a security issue in our products, here is how you can report it to us: https://doc.ibexa.co/en/latest/guide/reporting_issues/#toc


Have you found a security bug in Ibexa DXP? See how to report it responsibly here: https://doc.ezplatform.com/en/latest/guide/reporting_issues/

All security advisories