This Security Advisory is about a vulnerability in the Legacy shop module. A backend editor could perform object injection in discount rules. This would require backend access and permission to edit discount rules. While object injection in itself is a serious vulnerability, the permission requirement means that normally only administrators would be able to exploit it, thatβs why it was classified as Medium severity.
CPE | Name | Operator | Version |
---|---|---|---|
ezsystems/ezpublish-legacy | lt | 5.4.14.2 | |
ezsystems/ezpublish-legacy | lt | 2017.12.7.3 | |
ezsystems/ezpublish-legacy | lt | 2019.3.5.1 |