CVE-2012-1650
N/A
N/A
Summary
The ZipCart module 6.x before 6.x-1.4 for Drupal checks the "access content" permission instead of the "access ZipCart downloads" permission when building archives, which allows remote authenticated users with access content permission to bypass intended access restrictions.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://drupalcode.org/project/zipcart.git/commitdiff/fe143c2
- https://drupal.org/node/1461446
- https://drupal.org/node/1460892
- http://www.osvdb.org/79766
- http://www.openwall.com/lists/oss-security/2012/04/07/1
- https://exchange.xforce.ibmcloud.com/vulnerabilities/73609
- http://www.securityfocus.com/bid/52231
References
- http://drupalcode.org/project/zipcart.git/commitdiff/fe143c2
- https://drupal.org/node/1461446
- https://drupal.org/node/1460892
- http://www.osvdb.org/79766
- http://www.openwall.com/lists/oss-security/2012/04/07/1
- https://exchange.xforce.ibmcloud.com/vulnerabilities/73609
- http://www.securityfocus.com/bid/52231
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.