CVE-2013-2122

Sažetak

The Edit Limit module 7.x-1.x before 7.x-1.3 for Drupal does not properly restrict access to comments, which allows remote authenticated users with the "edit comments" permission to edit arbitrary comments of other users via unspecified vectors.

Reference

http://osvdb.org/93725
http://seclists.org/fulldisclosure/2013/May/208
http://secunia.com/advisories/53556
http://www.openwall.com/lists/oss-security/2013/05/29/9
http://www.securityfocus.com/bid/60209
https://drupal.org/node/2006188
https://drupal.org/node/2007048
https://exchange.xforce.ibmcloud.com/vulnerabilities/84630

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

29-08-2017 - 01:33

Objavljeno

16-07-2013 - 18:55