CVE-2007-4493 - Unspecified vulnerability in eZ Publish No Policy Function
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: COMPLETE
Integrity impact: COMPLETE
Availability impact: COMPLETE
Summary
eZ publish before 3.8.9, and 3.9 before 3.9.3, does not properly check permissions on module views that lack a policy function, which has unknown impact and attack vectors, as demonstrated by a vulnerability in the discount functionality in the shop module.
Vulnerable Configurations
References
- http://ez.no/community/news/ez_publish_security_fixes_3_9_3_and_3_8_9
- http://ez.no/download/ez_publish/changelogs/ez_publish_3_8/changelog_3_8_8_to_3_8_9
- http://ez.no/download/ez_publish/changelogs/ez_publish_3_9/changelog_3_9_2_to_3_9_3
- http://osvdb.org/40324
- http://secunia.com/advisories/26686
- http://www.securityfocus.com/bid/25539