Vulnerability CVE-2013-4230
Published: 2013-08-21

Description:
The mm_webform submodule in the Monster Menus module 6.x-6.x before 6.x-6.61 and 7.x-1.x before 7.x-1.13 for Drupal does not properly restrict access to webform submissions, which allows remote authenticated users with the "Who can read data submitted to this webform" permission to delete arbitrary submissions via unspecified vectors.

Type:

CWE-264

 (Permissions, Privileges, and Access Controls)

CVSS2 => (AV:N/AC:M/Au:S/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6/10
6.4/10
6.8/10
Exploit range
Attack complexity
Authentication
Remote
Medium
Single time
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Monster menu module project -> Monster menu 

 References:
https://drupal.org/node/2059807
https://drupal.org/node/2059805
https://drupal.org/node/2059823
http://xforce.iss.net/xforce/xfdb/86326
http://www.securityfocus.com/bid/61711
http://www.openwall.com/lists/oss-security/2013/08/10/1
http://secunia.com/advisories/54391
Copyright 2024, cxsecurity.com

 

Back to Top