Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 11:14 a.m.6 views

CVE-2013-4379

The Make Meeting Scheduler module 6.x-1.x before 6.x-1.3 for Drupal allows remote attackers to bypass intended access restrictions for a poll via a direct request to the node's URL instead of the hashed URL...

6.4CVSS7.1AI score0.01358EPSS
Exploits0References1
NVD
NVD
added 2013/10/09 5:55 p.m.18 views

CVE-2013-4379

The Make Meeting Scheduler module 6.x-1.x before 6.x-1.3 for Drupal allows remote attackers to bypass intended access restrictions for a poll via a direct request to the node's URL instead of the hashed URL...

6.4CVSS6.7AI score0.01358EPSS
Exploits0References4
CVE
CVE
added 2013/10/09 5:0 p.m.36 views

CVE-2013-4379

The Make Meeting Scheduler module for Drupal (6.x-1.x, affected prior to 6.x-1.3) allows remote attackers to bypass access restrictions by requesting a poll via the node URL instead of the hashed URL. Root cause: insufficient access validation when a poll is accessed directly through its node URL...

6.4CVSS6.9AI score0.01358EPSS
Exploits0References4Affected Software1
Drupal
Drupal
added 2013/09/04 12:0 a.m.21 views

SA-CONTRIB-2013-073 - Make Meeting Scheduler - Access Bypass

This module enables you to create polls accessible by an url with hash e.g. example.com/makemeeting/sn9028xh3398 so that anonymous users can view and vote on the poll. The module didn't sufficiently check access when a poll is accessed directly via its node url e.g. node/123. Note: a user with th...

6.4CVSS6.4AI score0.01358EPSS
Exploits0References9
Rows per page
Query Builder