<p>Upgrade <code>ezsystems/ezpublish-legacy</code> to version 2019.3.5.1, 2017.12.7.3 or higher.</p>

=2017.12.0, <2017.12.7.3

Snyk CVSS

Attack Complexity High

Privileges Required High

Confidentiality High

Integrity High

Availability High

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-PHP-EZSYSTEMSEZPUBLISHLEGACY-1015817
published 6 Oct 2020
disclosed 6 Oct 2020
credit Unknown

Report a new vulnerability Found a mistake?

Introduced: 6 Oct 2020

CWE-94 Open this link in a new tab

How to fix?

Upgrade ezsystems/ezpublish-legacy to version 2019.3.5.1, 2017.12.7.3 or higher.

Overview

ezsystems/ezpublish-legacy is a professional PHP application framework with advanced CMS functionality.

Affected versions of this package are vulnerable to Object Injection via discount rules. This would require backend access and permission to edit discount rules.

References

ezplatform Security Advisory