← Zuruck zu CVEs

CVE-2012-1650

N/A

Beschreibung

The ZipCart module 6.x before 6.x-1.4 for Drupal checks the "access content" permission instead of the "access ZipCart downloads" permission when building archives, which allows remote authenticated users with access content permission to bypass intended access restrictions.

CVE Details

CVSS v3.1 BewertungN/A

Veroffentlicht8/28/2012

Zuletzt geandert4/11/2025

Quellenvd

Honeypot-Sichtungen0

Betroffene Produkte

drupal:drupalgiantrobot:zipcart

Schwachen (CWE)

CWE-264

Referenzen

http://drupalcode.org/project/zipcart.git/commitdiff/fe143c2(secalert@redhat.com)

http://www.openwall.com/lists/oss-security/2012/04/07/1(secalert@redhat.com)

http://www.osvdb.org/79766(secalert@redhat.com)

http://www.securityfocus.com/bid/52231(secalert@redhat.com)

https://drupal.org/node/1460892(secalert@redhat.com)

https://drupal.org/node/1461446(secalert@redhat.com)

https://exchange.xforce.ibmcloud.com/vulnerabilities/73609(secalert@redhat.com)

http://drupalcode.org/project/zipcart.git/commitdiff/fe143c2(af854a3a-2127-422b-91ae-364da2661108)

http://www.openwall.com/lists/oss-security/2012/04/07/1(af854a3a-2127-422b-91ae-364da2661108)

http://www.osvdb.org/79766(af854a3a-2127-422b-91ae-364da2661108)

http://www.securityfocus.com/bid/52231(af854a3a-2127-422b-91ae-364da2661108)

https://drupal.org/node/1460892(af854a3a-2127-422b-91ae-364da2661108)

https://drupal.org/node/1461446(af854a3a-2127-422b-91ae-364da2661108)

https://exchange.xforce.ibmcloud.com/vulnerabilities/73609(af854a3a-2127-422b-91ae-364da2661108)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.