eZ publish prior to 3.8.9, and 3.9 prior to 3.9.3, does not properly check permissions on module views that lack a policy function, which has unknown impact and attack vectors, as demonstrated by a vulnerability in the discount functionality in the shop module.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ez ez publish 3.9.0 |
||
ez ez publish 3.9.1 |
||
ez ez publish |
||
ez ez publish 3.9.2 |