Описание
The ZipCart module 6.x before 6.x-1.4 for Drupal checks the "access content" permission instead of the "access ZipCart downloads" permission when building archives, which allows remote authenticated users with access content permission to bypass intended access restrictions.
Ссылки
- Patch
- Patch
- PatchVendor Advisory
- Patch
- Patch
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
Одно из
cpe:2.3:a:giantrobot:zipcart:6.x-1.2:*:*:*:*:*:*:*
cpe:2.3:a:giantrobot:zipcart:6.x-1.3:*:*:*:*:*:*:*
cpe:2.3:a:giantrobot:zipcart:6.x-1.x:dev:*:*:*:*:*:*
cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*
EPSS
Процентиль: 60%
0.00406
Низкий
6 Medium
CVSS2
Дефекты
CWE-264
Связанные уязвимости
github
около 3 лет назад
The ZipCart module 6.x before 6.x-1.4 for Drupal checks the "access content" permission instead of the "access ZipCart downloads" permission when building archives, which allows remote authenticated users with access content permission to bypass intended access restrictions.
EPSS
Процентиль: 60%
0.00406
Низкий
6 Medium
CVSS2
Дефекты
CWE-264