Lucene search

K
osvGoogleOSV:GHSA-39J2-4P9J-5W4J
HistoryMay 15, 2024 - 9:32 p.m.

Ez Platform Object Injection in legacy shop module

2024-05-1521:32:29
Google
osv.dev
3
ez platform
object injection
legacy shop module
discount rules
medium severity
backend access
permission
administrators

7.2 High

AI Score

Confidence

Low

This Security Advisory is about a vulnerability in the Legacy shop module. A backend editor could perform object injection in discount rules. This would require backend access and permission to edit discount rules. While object injection in itself is a serious vulnerability, the permission requirement means that normally only administrators would be able to exploit it, that’s why it was classified as Medium severity.

7.2 High

AI Score

Confidence

Low