CVE-2007-4493 Publish vulnerability

2 documents, 2 sources
Severity: 10.0 CRITICAL (NVD)
EPSS: 0.6% (top 31.16%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Aug 23
Latest update: May 1

Description

eZ publish before 3.8.9, and 3.9 before 3.9.3, does not properly check permissions on module views that lack a policy function, which has unknown impact and attack vectors, as demonstrated by a vulnerability in the discount functionality in the shop module.

CVSS vector

AV:N/AC:L/C:C/I:C/A:C
Exploitability: 10.0 | Impact: 10.0

Affected Packages (1 package)

NVD: ez/ez_publish 3.8.8 +3

Vulnerability Details

GHSA (1)
GHSA-2rmp-82h5-59gg: eZ publish before 3 (2022-05-01)