PT-2007-5669 · Ez Systems · Ez Publish
Published 2007-08-23 · Updated 2015-07-27 · CVE-2007-4493
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
eZ publish versions prior to 3.8.9
eZ publish versions 3.9.0 through 3.9.2
Description
eZ publish does not properly check permissions on module views that have no policy function. The discount functionality of the shop module demonstrates the vulnerability; the exact impact and attack vectors are not specified.
Recommendations
For versions prior to 3.8.9, update to version 3.8.9 or later.
For versions 3.9.0 through 3.9.2, update to version 3.9.3 or later.
Fix
Related Identifiers
Affected Products
Ez Publish