CVE-2013-4230

Опубликовано: 21 авг. 2013

Источник: nvd

CVSS2: 6

EPSS Низкий

Описание

The mm_webform submodule in the Monster Menus module 6.x-6.x before 6.x-6.61 and 7.x-1.x before 7.x-1.13 for Drupal does not properly restrict access to webform submissions, which allows remote authenticated users with the "Who can read data submitted to this webform" permission to delete arbitrary submissions via unspecified vectors.

Ссылки

http://secunia.com/advisories/54391
Vendor Advisory
http://www.openwall.com/lists/oss-security/2013/08/10/1
http://www.securityfocus.com/bid/61711
https://drupal.org/node/2059805
Patch
https://drupal.org/node/2059807
Patch
https://drupal.org/node/2059823
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/86326
http://secunia.com/advisories/54391
Vendor Advisory
http://www.openwall.com/lists/oss-security/2013/08/10/1
http://www.securityfocus.com/bid/61711
https://drupal.org/node/2059805
Patch
https://drupal.org/node/2059807
Patch
https://drupal.org/node/2059823
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/86326

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:a:monster_menus_module_project:monster_menus:6.x-6.19:*:*:*:*:*:*:*

cpe:2.3:a:monster_menus_module_project:monster_menus:6.x-6.22:*:*:*:*:*:*:*

cpe:2.3:a:monster_menus_module_project:monster_menus:6.x-6.23:*:*:*:*:*:*:*

cpe:2.3:a:monster_menus_module_project:monster_menus:6.x-6.24:*:*:*:*:*:*:*

cpe:2.3:a:monster_menus_module_project:monster_menus:6.x-6.25:*:*:*:*:*:*:*

cpe:2.3:a:monster_menus_module_project:monster_menus:6.x-6.26:*:*:*:*:*:*:*

cpe:2.3:a:monster_menus_module_project:monster_menus:6.x-6.27:*:*:*:*:*:*:*

cpe:2.3:a:monster_menus_module_project:monster_menus:6.x-6.29:*:*:*:*:*:*:*

cpe:2.3:a:monster_menus_module_project:monster_menus:6.x-6.30:*:*:*:*:*:*:*

cpe:2.3:a:monster_menus_module_project:monster_menus:6.x-6.31:*:*:*:*:*:*:*

cpe:2.3:a:monster_menus_module_project:monster_menus:6.x-6.32:*:*:*:*:*:*:*

cpe:2.3:a:monster_menus_module_project:monster_menus:6.x-6.33:*:*:*:*:*:*:*

cpe:2.3:a:monster_menus_module_project:monster_menus:6.x-6.34:*:*:*:*:*:*:*

cpe:2.3:a:monster_menus_module_project:monster_menus:6.x-6.35:*:*:*:*:*:*:*

cpe:2.3:a:monster_menus_module_project:monster_menus:6.x-6.36:*:*:*:*:*:*:*

cpe:2.3:a:monster_menus_module_project:monster_menus:6.x-6.37:*:*:*:*:*:*:*

cpe:2.3:a:monster_menus_module_project:monster_menus:6.x-6.38:*:*:*:*:*:*:*

cpe:2.3:a:monster_menus_module_project:monster_menus:6.x-6.41:*:*:*:*:*:*:*

cpe:2.3:a:monster_menus_module_project:monster_menus:6.x-6.42:*:*:*:*:*:*:*

cpe:2.3:a:monster_menus_module_project:monster_menus:6.x-6.43:*:*:*:*:*:*:*

cpe:2.3:a:monster_menus_module_project:monster_menus:6.x-6.44:*:*:*:*:*:*:*

cpe:2.3:a:monster_menus_module_project:monster_menus:6.x-6.48:*:*:*:*:*:*:*

cpe:2.3:a:monster_menus_module_project:monster_menus:6.x-6.53:*:*:*:*:*:*:*

cpe:2.3:a:monster_menus_module_project:monster_menus:6.x-6.56:*:*:*:*:*:*:*

cpe:2.3:a:monster_menus_module_project:monster_menus:6.x-6.57:*:*:*:*:*:*:*

cpe:2.3:a:monster_menus_module_project:monster_menus:6.x-6.59:*:*:*:*:*:*:*

cpe:2.3:a:monster_menus_module_project:monster_menus:6.x-6.60:*:*:*:*:*:*:*

cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.0:*:*:*:*:*:*:*

cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.1:*:*:*:*:*:*:*

cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.2:*:*:*:*:*:*:*

cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.3:*:*:*:*:*:*:*

cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.4:*:*:*:*:*:*:*

cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.5:*:*:*:*:*:*:*

cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.6:*:*:*:*:*:*:*

cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.7:*:*:*:*:*:*:*

cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.8:*:*:*:*:*:*:*

cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.9:*:*:*:*:*:*:*

cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.10:*:*:*:*:*:*:*

cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.11:*:*:*:*:*:*:*

cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.12:*:*:*:*:*:*:*

cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.x:dev:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*

EPSS

Процентиль: 72%

0.00764

Низкий

6 Medium

CVSS2

Дефекты

CWE-264

Связанные уязвимости

GHSA-222h-9c7q-5wm5

github

около 3 лет назад