exploitDog

CVE-2015-7306

Опубликовано: 21 сент. 2015

Источник: nvd

CVSS2: 4.9

EPSS Низкий

Описание

The CMS Updater module 7.x-1.x before 7.x-1.3 for Drupal does not properly check access permissions, which allows remote authenticated users to access and change settings by leveraging the "access administration pages" permission.

Ссылки

https://www.drupal.org/node/2569111
Patch
https://www.drupal.org/node/2569599
Patch
Vendor Advisory
https://www.drupal.org/node/2569111
Patch
https://www.drupal.org/node/2569599
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:drupaldise:cms_updater:7.x-1.0:*:*:*:*:drupal:*:*

cpe:2.3:a:drupaldise:cms_updater:7.x-1.1:*:*:*:*:drupal:*:*

cpe:2.3:a:drupaldise:cms_updater:7.x-1.2:*:*:*:*:drupal:*:*

EPSS

Процентиль: 49%

0.00255

Низкий

4.9 Medium

CVSS2

Дефекты

CWE-284

Связанные уязвимости

GHSA-6qxm-pc52-j488

github

больше 3 лет назад

The CMS Updater module 7.x-1.x before 7.x-1.3 for Drupal does not properly check access permissions, which allows remote authenticated users to access and change settings by leveraging the "access administration pages" permission.

EPSS

Процентиль: 49%

0.00255

Низкий

4.9 Medium

CVSS2

Дефекты

CWE-284