CVE-2013-2122

2013-07-1618:00:00

redhat

www.cve.org

6.4 Medium

AI Score

Confidence

Low

0.008 Low

EPSS

Percentile

82.0%

JSON

The Edit Limit module 7.x-1.x before 7.x-1.3 for Drupal does not properly restrict access to comments, which allows remote authenticated users with the “edit comments” permission to edit arbitrary comments of other users via unspecified vectors.

References

osvdb.org/93725

seclists.org/fulldisclosure/2013/May/208

secunia.com/advisories/53556

www.openwall.com/lists/oss-security/2013/05/29/9

www.securityfocus.com/bid/60209

drupal.org/node/2006188

drupal.org/node/2007048

exchange.xforce.ibmcloud.com/vulnerabilities/84630