The Commons Wikis module before 7.x-3.1 for Drupal, as used in the Commons module before 7.x-3.1, does not properly restrict access to groups, which allows remote attackers to post arbitrary content to groups via unspecified vectors.
References
Configurations
Configuration 1 (hide)
AND |
|
History
21 Nov 2024, 01:50
Type | Values Removed | Values Added |
---|---|---|
References | () http://osvdb.org/91747 - | |
References | () http://packetstormsecurity.com/files/120995/Drupal-Common-Wikis-7.x-Access-Bypass-Privilege-Escalation.html - | |
References | () http://seclists.org/fulldisclosure/2013/Mar/244 - | |
References | () http://secunia.com/advisories/52766 - Vendor Advisory | |
References | () http://secunia.com/advisories/52795 - Vendor Advisory | |
References | () https://drupal.org/node/1954766 - Patch, Vendor Advisory | |
References | () https://drupal.org/node/1954768 - Patch | |
References | () https://drupal.org/node/1954948 - Patch |
Information
Published : 2013-07-16 18:55
Updated : 2024-11-21 01:50
NVD link : CVE-2013-1908
Mitre link : CVE-2013-1908
CVE.ORG link : CVE-2013-1908
JSON object : View
Products Affected
commons_wikis_project
- commons_wikis
acquia
- commons
drupal
- drupal
CWE
CWE-264
Permissions, Privileges, and Access Controls