Vulnerabilities > EZ > EZ Publish > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-08-23 | CVE-2007-4493 | Unspecified vulnerability in eZ Publish No Policy Function eZ publish before 3.8.9, and 3.9 before 3.9.3, does not properly check permissions on module views that lack a policy function, which has unknown impact and attack vectors, as demonstrated by a vulnerability in the discount functionality in the shop module. | 10.0 |
| 2005-12-31 | CVE-2005-4853 | Permissions, Privileges, and Access Controls vulnerability in EZ Publish The default configuration of the forum package in eZ publish 3.5 before 3.5.5, 3.6 before 3.6.2, 3.7 before 3.7.0rc2, and 3.8 before 20050818 does not restrict edit permissions to a posting's owner, which allows remote authenticated users to edit arbitrary postings. | 9.4 |