Vulnerability CVE-2012-1650


Published: 2012-08-28

Description:
The ZipCart module 6.x before 6.x-1.4 for Drupal checks the "access content" permission instead of the "access ZipCart downloads" permission when building archives, which allows remote authenticated users with the "access content" permission to bypass intended access restrictions.

CVSS2 => (AV:N/AC:M/Au:S/C:P/I:P/A:P)

CVSS Base Score: 6/10
Impact Subscore: 6.4/10
Exploitability Subscore: 6.8/10

Exploit range: Remote
Attack complexity: Medium
Authentication: Single time

Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

Affected software
Giantrobot -> Zipcart 

 References:
https://drupal.org/node/1461446
https://drupal.org/node/1460892
http://drupalcode.org/project/zipcart.git/commitdiff/fe143c2
http://xforce.iss.net/xforce/xfdb/73609
http://www.securityfocus.com/bid/52231
http://www.osvdb.org/79766
http://www.openwall.com/lists/oss-security/2012/04/07/1

Copyright 2024, cxsecurity.com
