eZ publish before 3.8.9, and 3.9 before 3.9.3, does not properly check permissions on module views that lack a policy function, which has unknown impact and attack vectors, as demonstrated by a vulnerability in the discount functionality in the shop module.
References
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2007-08-23 01:17
Updated : 2024-02-28 11:01
NVD link : CVE-2007-4493
Mitre link : CVE-2007-4493
CVE.ORG link : CVE-2007-4493
JSON object : View
Products Affected
ez
- ez_publish
CWE