Lucene search

[email protected]CVE-2007-4493

HistoryAug 23, 2007 - 1:17 a.m.

CVE-2007-4493

2007-08-2301:17:00

[email protected]

web.nvd.nist.gov

ez publish

cve-2007-4493

security

vulnerability

permission check

shop module

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

6.6 Medium

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

77.0%

JSON

eZ publish before 3.8.9, and 3.9 before 3.9.3, does not properly check permissions on module views that lack a policy function, which has unknown impact and attack vectors, as demonstrated by a vulnerability in the discount functionality in the shop module.

Affected configurations

NVD

Node

ezez_publishRange≤3.8.8

ezez_publishMatch3.9.0

ezez_publishMatch3.9.1

ezez_publishMatch3.9.2

CPENameOperatorVersion
ez:ez_publishez ez publishle3.8.8
ez:ez_publishez ez publisheq3.9.0
ez:ez_publishez ez publisheq3.9.1
ez:ez_publishez ez publisheq3.9.2

CPE	Name	Operator	Version
ez:ez_publish	ez ez publish	le	3.8.8
ez:ez_publish	ez ez publish	eq	3.9.0
ez:ez_publish	ez ez publish	eq	3.9.1
ez:ez_publish	ez ez publish	eq	3.9.2

References

ez.no/community/news/ez_publish_security_fixes_3_9_3_and_3_8_9

ez.no/download/ez_publish/changelogs/ez_publish_3_8/changelog_3_8_8_to_3_8_9

ez.no/download/ez_publish/changelogs/ez_publish_3_9/changelog_3_9_2_to_3_9_3

osvdb.org/40324

secunia.com/advisories/26686

www.securityfocus.com/bid/25539

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

6.6 Medium

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

77.0%

JSON

Related for CVE-2007-4493

nvd1 prion1 ubuntucve1 cvelist1