Unrated severityNVD Advisory· Published Aug 23, 2007· Updated Apr 23, 2026

CVE-2007-4493

Description

eZ publish before 3.8.9, and 3.9 before 3.9.3, does not properly check permissions on module views that lack a policy function, which has unknown impact and attack vectors, as demonstrated by a vulnerability in the discount functionality in the shop module.

Affected products

Ez/Ez Publish4 versions
cpe:2.3:a:ez:ez_publish:*:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:ez:ez_publish:*:*:*:*:*:*:*:*range: <=3.8.8
- cpe:2.3:a:ez:ez_publish:3.9.0:*:*:*:*:*:*:*
- cpe:2.3:a:ez:ez_publish:3.9.1:*:*:*:*:*:*:*
- cpe:2.3:a:ez:ez_publish:3.9.2:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

ez.no/community/news/ez_publish_security_fixes_3_9_3_and_3_8_9nvd
ez.no/download/ez_publish/changelogs/ez_publish_3_8/changelog_3_8_8_to_3_8_9nvd
ez.no/download/ez_publish/changelogs/ez_publish_3_9/changelog_3_9_2_to_3_9_3nvd
osvdb.org/40324nvd
secunia.com/advisories/26686nvd
www.securityfocus.com/bid/25539nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000