CVE-2007-4493

2007-08-23T01:17:00
ID CVE-2007-4493
Type cve
Reporter cve@mitre.org
Modified 2015-07-27T18:36:00

Description

eZ publish before 3.8.9, and 3.9 before 3.9.3, does not properly check permissions on module views that lack a policy function, which has unknown impact and attack vectors, as demonstrated by a vulnerability in the discount functionality in the shop module.