exploitDog

CVE-2015-5499

Опубликовано: 18 авг. 2015

Источник: nvd

CVSS2: 4

EPSS Низкий

Описание

The Navigate module for Drupal does not properly check permissions, which allows remote authenticated users to modify custom widgets and create widget database records by leveraging the "navigate view" permission.

Ссылки

http://www.openwall.com/lists/oss-security/2015/07/04/4
https://www.drupal.org/node/2492245
Patch
Vendor Advisory
http://www.openwall.com/lists/oss-security/2015/07/04/4
https://www.drupal.org/node/2492245
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:navigate_project:navigate:-:*:*:*:*:drupal:*:*

EPSS

Процентиль: 33%

0.00129

Низкий

4 Medium

CVSS2

Дефекты

CWE-264

Связанные уязвимости

GHSA-v26v-8qq2-4jwc

github

больше 3 лет назад

The Navigate module for Drupal does not properly check permissions, which allows remote authenticated users to modify custom widgets and create widget database records by leveraging the "navigate view" permission.

EPSS

Процентиль: 33%

0.00129

Низкий

4 Medium

CVSS2

Дефекты

CWE-264