CVE-2012-1650

Sažetak

The ZipCart module 6.x before 6.x-1.4 for Drupal checks the "access content" permission instead of the "access ZipCart downloads" permission when building archives, which allows remote authenticated users with access content permission to bypass intended access restrictions.

Reference

http://drupalcode.org/project/zipcart.git/commitdiff/fe143c2
http://www.openwall.com/lists/oss-security/2012/04/07/1
http://www.osvdb.org/79766
http://www.securityfocus.com/bid/52231
https://drupal.org/node/1460892
https://drupal.org/node/1461446
https://exchange.xforce.ibmcloud.com/vulnerabilities/73609

CVSS

Base:	6.0
Impact:	6.4
Exploitability:	6.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:M/Au:S/C:P/I:P/A:P

Zadnje važnije ažuriranje

29-08-2017 - 01:31

Objavljeno

28-08-2012 - 17:55