Описание
Ez Platform Object Injection in legacy shop module
This Security Advisory is about a vulnerability in the Legacy shop module. A backend editor could perform object injection in discount rules. This would require backend access and permission to edit discount rules. While object injection in itself is a serious vulnerability, the permission requirement means that normally only administrators would be able to exploit it, that's why it was classified as Medium severity.
Пакеты
Наименование
ezsystems/ezpublish-legacy
composer
Затронутые версииВерсия исправления
>= 2019.3.0, < 2019.3.5.1
2019.3.5.1
Наименование
ezsystems/ezpublish-legacy
composer
Затронутые версииВерсия исправления
>= 2017.12.0, < 2017.12.7.3
2017.12.7.3
Наименование
ezsystems/ezpublish-legacy
composer
Затронутые версииВерсия исправления
>= 5.4.0, < 5.4.14.2
5.4.14.2
Дефекты
CWE-94
Дефекты
CWE-94