2 matches found
CVE-2013-4500
CVE-2013-4500 concerns the Drupal Quiz module (6.x-4.x) prior to 6.x-4.5. The root cause is insufficient access control: remote authenticated users with either "view any quiz results" or "view results for own quiz" permissions can delete arbitrary results via the delete option. Impact is denial o...
SA-CONTRIB-2013-083 - Quiz - Access Bypass
Access bypass on deleting quiz results The Quiz module provides tools for authoring and administering quizzes through Drupal. A quiz is given as a series of questions, with only one question appearing per page. Scores are then stored in the database. The module doesn't sufficiently check the dele...