Lucene search

[email protected]CVE-2013-4230

HistoryAug 21, 2013 - 2:55 p.m.

CVE-2013-4230

2013-08-2114:55:07

CWE-264

[email protected]

web.nvd.nist.gov

cve-2013-4230

monster menus

drupal

webform

submission

access restriction

vulnerability

nvd

6 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

6.4 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

74.3%

JSON

The mm_webform submodule in the Monster Menus module 6.x-6.x before 6.x-6.61 and 7.x-1.x before 7.x-1.13 for Drupal does not properly restrict access to webform submissions, which allows remote authenticated users with the “Who can read data submitted to this webform” permission to delete arbitrary submissions via unspecified vectors.

Affected configurations

NVD

Node

monster_menus_module_projectmonster_menusMatch6.x-6.19

monster_menus_module_projectmonster_menusMatch6.x-6.22

monster_menus_module_projectmonster_menusMatch6.x-6.23

monster_menus_module_projectmonster_menusMatch6.x-6.24

monster_menus_module_projectmonster_menusMatch6.x-6.25

monster_menus_module_projectmonster_menusMatch6.x-6.26

monster_menus_module_projectmonster_menusMatch6.x-6.27

monster_menus_module_projectmonster_menusMatch6.x-6.29

monster_menus_module_projectmonster_menusMatch6.x-6.30

monster_menus_module_projectmonster_menusMatch6.x-6.31

monster_menus_module_projectmonster_menusMatch6.x-6.32

monster_menus_module_projectmonster_menusMatch6.x-6.33

monster_menus_module_projectmonster_menusMatch6.x-6.34

monster_menus_module_projectmonster_menusMatch6.x-6.35

monster_menus_module_projectmonster_menusMatch6.x-6.36

monster_menus_module_projectmonster_menusMatch6.x-6.37

monster_menus_module_projectmonster_menusMatch6.x-6.38

monster_menus_module_projectmonster_menusMatch6.x-6.41

monster_menus_module_projectmonster_menusMatch6.x-6.42

monster_menus_module_projectmonster_menusMatch6.x-6.43

monster_menus_module_projectmonster_menusMatch6.x-6.44

monster_menus_module_projectmonster_menusMatch6.x-6.48

monster_menus_module_projectmonster_menusMatch6.x-6.53

monster_menus_module_projectmonster_menusMatch6.x-6.56

monster_menus_module_projectmonster_menusMatch6.x-6.57

monster_menus_module_projectmonster_menusMatch6.x-6.59

monster_menus_module_projectmonster_menusMatch6.x-6.60

monster_menus_module_projectmonster_menusMatch7.x-1.0

monster_menus_module_projectmonster_menusMatch7.x-1.1

monster_menus_module_projectmonster_menusMatch7.x-1.2

monster_menus_module_projectmonster_menusMatch7.x-1.3

monster_menus_module_projectmonster_menusMatch7.x-1.4

monster_menus_module_projectmonster_menusMatch7.x-1.5

monster_menus_module_projectmonster_menusMatch7.x-1.6

monster_menus_module_projectmonster_menusMatch7.x-1.7

monster_menus_module_projectmonster_menusMatch7.x-1.8

monster_menus_module_projectmonster_menusMatch7.x-1.9

monster_menus_module_projectmonster_menusMatch7.x-1.10

monster_menus_module_projectmonster_menusMatch7.x-1.11

monster_menus_module_projectmonster_menusMatch7.x-1.12

monster_menus_module_projectmonster_menusMatch7.x-1.xdev

AND

drupaldrupalMatch-

CPENameOperatorVersion
monster_menus_module_project:monster_menusmonster menus module project monster menuseq6.x-6.19
monster_menus_module_project:monster_menusmonster menus module project monster menuseq6.x-6.22
monster_menus_module_project:monster_menusmonster menus module project monster menuseq6.x-6.23
monster_menus_module_project:monster_menusmonster menus module project monster menuseq6.x-6.24
monster_menus_module_project:monster_menusmonster menus module project monster menuseq6.x-6.25
monster_menus_module_project:monster_menusmonster menus module project monster menuseq6.x-6.26
monster_menus_module_project:monster_menusmonster menus module project monster menuseq6.x-6.27
monster_menus_module_project:monster_menusmonster menus module project monster menuseq6.x-6.29
monster_menus_module_project:monster_menusmonster menus module project monster menuseq6.x-6.30
monster_menus_module_project:monster_menusmonster menus module project monster menuseq6.x-6.31

CPE	Name	Operator	Version
monster_menus_module_project:monster_menus	monster menus module project monster menus	eq	6.x-6.19
monster_menus_module_project:monster_menus	monster menus module project monster menus	eq	6.x-6.22
monster_menus_module_project:monster_menus	monster menus module project monster menus	eq	6.x-6.23
monster_menus_module_project:monster_menus	monster menus module project monster menus	eq	6.x-6.24
monster_menus_module_project:monster_menus	monster menus module project monster menus	eq	6.x-6.25
monster_menus_module_project:monster_menus	monster menus module project monster menus	eq	6.x-6.26
monster_menus_module_project:monster_menus	monster menus module project monster menus	eq	6.x-6.27
monster_menus_module_project:monster_menus	monster menus module project monster menus	eq	6.x-6.29
monster_menus_module_project:monster_menus	monster menus module project monster menus	eq	6.x-6.30
monster_menus_module_project:monster_menus	monster menus module project monster menus	eq	6.x-6.31

Rows per page:

1-10 of 411

References

secunia.com/advisories/54391

www.openwall.com/lists/oss-security/2013/08/10/1

www.securityfocus.com/bid/61711

drupal.org/node/2059805

drupal.org/node/2059807

drupal.org/node/2059823

exchange.xforce.ibmcloud.com/vulnerabilities/86326

6 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

6.4 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

74.3%

JSON

Related for CVE-2013-4230

nvd1 prion1 cvelist1 drupal1