GitHub Advisory Database: GHSA-39J2-4P9J-5W4J
History: May 15, 2024 - 9:32 p.m.

Ez Platform Object Injection in legacy shop module

2024-05-15 21:32:29
CWE-94
GitHub Advisory Database
github.com
ez platform
object injection
legacy shop module
backend editor
discount rules
permission
medium severity

AI Score: 7.2 High (Confidence: Low)

This Security Advisory is about a vulnerability in the Legacy shop module. A backend editor could perform object injection in discount rules. This would require backend access and permission to edit discount rules. While object injection in itself is a serious vulnerability, the permission requirement means that normally only administrators would be able to exploit it, which is why it was classified as Medium severity.

Affected configurations

Vulners
Node
ezsystems  ezpublish-legacy  Range  <5.4.14.2
OR
ezsystems  ezpublish-legacy  Range  <2017.12.7.3
OR
ezsystems  ezpublish-legacy  Range  <2019.3.5.1
