Lucene search

[email protected]NVD:CVE-2013-4594

HistoryOct 25, 2014 - 10:55 p.m.

CVE-2013-4594

2014-10-2522:55:01

CWE-287

[email protected]

web.nvd.nist.gov

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.6 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

56.3%

JSON

The Payment for Webform module 7.x-1.x before 7.x-1.5 for Drupal does not restrict access by anonymous users, which allows remote anonymous users to use the payment of other anonymous users when submitting a form that requires payment.

Affected configurations

NVD

Node

payment_for_webform_projectpayment_for_webformMatch7.x-1.0drupal

payment_for_webform_projectpayment_for_webformMatch7.x-1.1drupal

payment_for_webform_projectpayment_for_webformMatch7.x-1.2drupal

payment_for_webform_projectpayment_for_webformMatch7.x-1.3drupal

payment_for_webform_projectpayment_for_webformMatch7.x-1.4drupal

payment_for_webform_projectpayment_for_webformMatch7.x-1.5drupal

References

seclists.org/oss-sec/2013/q4/317

secunia.com/advisories/55431

drupal.org/node/2128345

drupal.org/node/2129373

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.6 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

56.3%

JSON

Related for NVD:CVE-2013-4594

cve1 drupal1 prion1 cvelist1