CVE-2013-4230
N/A
N/A
Summary
The mm_webform submodule in the Monster Menus module 6.x-6.x before 6.x-6.61 and 7.x-1.x before 7.x-1.13 for Drupal does not properly restrict access to webform submissions, which allows remote authenticated users with the "Who can read data submitted to this webform" permission to delete arbitrary submissions via unspecified vectors.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://drupal.org/node/2059807
- https://drupal.org/node/2059823
- http://www.securityfocus.com/bid/61711
- http://www.openwall.com/lists/oss-security/2013/08/10/1
- https://exchange.xforce.ibmcloud.com/vulnerabilities/86326
- https://drupal.org/node/2059805
- http://secunia.com/advisories/54391
References
- https://drupal.org/node/2059807
- https://drupal.org/node/2059823
- http://www.securityfocus.com/bid/61711
- http://www.openwall.com/lists/oss-security/2013/08/10/1
- https://exchange.xforce.ibmcloud.com/vulnerabilities/86326
- https://drupal.org/node/2059805
- http://secunia.com/advisories/54391
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.