Lucene search
RedhatCVE-2012-1650HistoryAug 28, 2012 - 5:55 p.m.
CVE-2012-1650
2012-08-2817:55:04
CWE-264
redhat
web.nvd.nist.gov
27
cve-2012-1650
zipcart
drupal
security vulnerability
access restriction
CVSS2
6
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P
AI Score
6.5
Confidence
Low
EPSS
0.004
Percentile
74.1%
The ZipCart module 6.x before 6.x-1.4 for Drupal checks the “access content” permission instead of the “access ZipCart downloads” permission when building archives, which allows remote authenticated users with access content permission to bypass intended access restrictions.
Affected configurations
Node
giantrobotzipcartMatch6.x-1.2
ORgiantrobotzipcartMatch6.x-1.3
ORgiantrobotzipcartMatch6.x-1.xdev
drupaldrupalMatch-
| Vendor | Product | Version | CPE |
|---|---|---|---|
| giantrobot | zipcart | 6.x-1.2 | cpe:2.3:a:giantrobot:zipcart:6.x-1.2:*:*:*:*:*:*:* |
| giantrobot | zipcart | 6.x-1.3 | cpe:2.3:a:giantrobot:zipcart:6.x-1.3:*:*:*:*:*:*:* |
| giantrobot | zipcart | 6.x-1.x | cpe:2.3:a:giantrobot:zipcart:6.x-1.x:dev:*:*:*:*:*:* |
| drupal | drupal | - | cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:* |
Related
nvd
nvd
CVE-2012-1650
2012-08-28 17:55:04
cvelist
cvelist
CVE-2012-1650
2012-08-28 16:00:00
drupal
drupal
SA-CONTRIB-2012-026 - ZipCart - Access bypass
2012-02-29 00:00:00
prion
prion
Code injection
2012-08-28 17:55:00
CVSS2
6
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P
AI Score
6.5
Confidence
Low
EPSS
0.004
Percentile
74.1%
Related for CVE-2012-1650