4 matches found
CVE-2013-4379
The Make Meeting Scheduler module 6.x-1.x before 6.x-1.3 for Drupal allows remote attackers to bypass intended access restrictions for a poll via a direct request to the node's URL instead of the hashed URL...
CVE-2013-4379
The Make Meeting Scheduler module 6.x-1.x before 6.x-1.3 for Drupal allows remote attackers to bypass intended access restrictions for a poll via a direct request to the node's URL instead of the hashed URL...
CVE-2013-4379
The Make Meeting Scheduler module for Drupal (6.x-1.x, affected prior to 6.x-1.3) allows remote attackers to bypass access restrictions by requesting a poll via the node URL instead of the hashed URL. Root cause: insufficient access validation when a poll is accessed directly through its node URL...
SA-CONTRIB-2013-073 - Make Meeting Scheduler - Access Bypass
This module enables you to create polls accessible by an url with hash e.g. example.com/makemeeting/sn9028xh3398 so that anonymous users can view and vote on the poll. The module didn't sufficiently check access when a poll is accessed directly via its node url e.g. node/123. Note: a user with th...