eZ publish before 3.8.9, and 3.9 before 3.9.3, does not properly check permissions on module views that lack a policy function, which has unknown impact and attack vectors, as demonstrated by a vulnerability in the discount functionality in the shop module.
CPE | Name | Operator | Version |
---|---|---|---|
ez_publish | le | 3.8.8 | |
ez_publish | eq | 3.9.0 | |
ez_publish | eq | 3.9.2 | |
ez_publish | eq | 3.9.1 |