CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
AI Score
Confidence
Low
EPSS
Percentile
70.4%
The LoginToboggan module 7.x-1.x before 7.x-1.4 for Drupal does not properly unset the authorized user role for certain users, which allows remote attackers with the pre-authorized role to gain privileges and possibly obtain sensitive information by accessing a Page Not Found (404) page.
Vendor | Product | Version | CPE |
---|---|---|---|
logintoboggan_project | logintoboggan | 7.x-1.0 | cpe:2.3:a:logintoboggan_project:logintoboggan:7.x-1.0:*:*:*:*:drupal:*:* |
logintoboggan_project | logintoboggan | 7.x-1.0 | cpe:2.3:a:logintoboggan_project:logintoboggan:7.x-1.0:alpha1:*:*:*:drupal:*:* |
logintoboggan_project | logintoboggan | 7.x-1.0 | cpe:2.3:a:logintoboggan_project:logintoboggan:7.x-1.0:alpha2:*:*:*:drupal:*:* |
logintoboggan_project | logintoboggan | 7.x-1.0 | cpe:2.3:a:logintoboggan_project:logintoboggan:7.x-1.0:alpha3:*:*:*:drupal:*:* |
logintoboggan_project | logintoboggan | 7.x-1.1 | cpe:2.3:a:logintoboggan_project:logintoboggan:7.x-1.1:*:*:*:*:drupal:*:* |
logintoboggan_project | logintoboggan | 7.x-1.2 | cpe:2.3:a:logintoboggan_project:logintoboggan:7.x-1.2:*:*:*:*:drupal:*:* |
logintoboggan_project | logintoboggan | 7.x-1.3 | cpe:2.3:a:logintoboggan_project:logintoboggan:7.x-1.3:*:*:*:*:drupal:*:* |
logintoboggan_project | logintoboggan | 7.x-1.x | cpe:2.3:a:logintoboggan_project:logintoboggan:7.x-1.x:x-dev:*:*:*:drupal:*:* |