Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2015-5515

Опубликовано: 18 авг. 2015
Источник: nvd
CVSS2: 4.9
EPSS Низкий

Описание

The Views Bulk Operations (VBO) module 6.x-1.x and 7.x-3.x before 7.x-3.3 for Drupal, when the bulk operation for changing Roles is enabled, allows remote authenticated users to edit user accounts and add arbitrary roles to the accounts by leveraging access to a user account listing view with VBO enabled.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:views_bulk_operations_project:views_bulk_operations:6.x-1.17:*:*:*:*:drupal:*:*
cpe:2.3:a:views_bulk_operations_project:views_bulk_operations:6.x-1.x:dev:*:*:*:drupal:*:*
cpe:2.3:a:views_bulk_operations_project:views_bulk_operations:7.x-3.0:*:*:*:*:drupal:*:*
cpe:2.3:a:views_bulk_operations_project:views_bulk_operations:7.x-3.0:alpha1:*:*:*:drupal:*:*
cpe:2.3:a:views_bulk_operations_project:views_bulk_operations:7.x-3.0:alpha2:*:*:*:drupal:*:*
cpe:2.3:a:views_bulk_operations_project:views_bulk_operations:7.x-3.0:alpha3:*:*:*:drupal:*:*
cpe:2.3:a:views_bulk_operations_project:views_bulk_operations:7.x-3.0:beta1:*:*:*:drupal:*:*
cpe:2.3:a:views_bulk_operations_project:views_bulk_operations:7.x-3.0:beta2:*:*:*:drupal:*:*
cpe:2.3:a:views_bulk_operations_project:views_bulk_operations:7.x-3.0:beta3:*:*:*:drupal:*:*
cpe:2.3:a:views_bulk_operations_project:views_bulk_operations:7.x-3.0:rc1:*:*:*:drupal:*:*
cpe:2.3:a:views_bulk_operations_project:views_bulk_operations:7.x-3.1:*:*:*:*:drupal:*:*
cpe:2.3:a:views_bulk_operations_project:views_bulk_operations:7.x-3.2:*:*:*:*:drupal:*:*
cpe:2.3:a:views_bulk_operations_project:views_bulk_operations:7.x-3.x:dev:*:*:*:drupal:*:*

EPSS

Процентиль: 68%
0.0056
Низкий

4.9 Medium

CVSS2

Дефекты

CWE-264

Связанные уязвимости

github логотип

GHSA-46h3-jp8h-qchw

github
больше 3 лет назад

The Views Bulk Operations (VBO) module 6.x-1.x and 7.x-3.x before 7.x-3.3 for Drupal, when the bulk operation for changing Roles is enabled, allows remote authenticated users to edit user accounts and add arbitrary roles to the accounts by leveraging access to a user account listing view with VBO enabled.

EPSS

Процентиль: 68%
0.0056
Низкий

4.9 Medium

CVSS2

Дефекты

CWE-264