CVE-2007-4493

Name of the Vulnerable Software and Affected Versions eZ publish versions prior to 3.8.9 eZ publish versions 3.9.0 through 3.9.2

Description The issue is related to improper permission checks on module views without a policy function. This is demonstrated by a vulnerability in the discount functionality of the shop module, though the exact impact and attack vectors are not specified.

Recommendations For versions prior to 3.8.9, update to version 3.8.9 or later. For versions 3.9.0 through 3.9.2, update to version 3.9.3 or later.