Lucene search
HistoryOct 25, 2014 - 10:55 p.m.
CVE-2013-4594
cve-2013-4594
payment for webform module
drupal
access restriction
remote vulnerability
nvd
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
6.8 Medium
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
56.4%
The Payment for Webform module 7.x-1.x before 7.x-1.5 for Drupal does not restrict access by anonymous users, which allows remote anonymous users to use the payment of other anonymous users when submitting a form that requires payment.
Affected configurations
Node
payment_for_webform_projectpayment_for_webformMatch7.x-1.0drupal
ORpayment_for_webform_projectpayment_for_webformMatch7.x-1.1drupal
ORpayment_for_webform_projectpayment_for_webformMatch7.x-1.2drupal
ORpayment_for_webform_projectpayment_for_webformMatch7.x-1.3drupal
ORpayment_for_webform_projectpayment_for_webformMatch7.x-1.4drupal
ORpayment_for_webform_projectpayment_for_webformMatch7.x-1.5drupal
Related
drupal
drupal
SA-CONTRIB-2013-087 - Payment for Webform - Access Bypass
2013-11-06 00:00:00
prion
prion
Design/Logic Flaw
2014-10-25 22:55:00
cvelist
cvelist
CVE-2013-4594
2014-10-25 22:00:00
nvd
nvd
CVE-2013-4594
2014-10-25 22:55:01
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
6.8 Medium
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
56.4%
Related for CVE-2013-4594