Lucene search

[email protected]CVE-2013-4500

HistoryMay 13, 2014 - 3:55 p.m.

CVE-2013-4500

2014-05-1315:55:04

CWE-264

[email protected]

web.nvd.nist.gov

cve-2013-4500

drupal

quiz module

authenticated users

remote access

results deletion

4.9 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:N/I:P/A:P

6.6 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

48.3%

JSON

The Quiz module 6.x-4.x before 6.x-4.5 for Drupal allows remote authenticated users with the “view any quiz results” or “view results for own quiz” permission to delete arbitrary results via the delete option.

Affected configurations

NVD

Node

quiz_module_projectquizMatch6.x-4.0-drupal

quiz_module_projectquizMatch6.x-4.0alpha1drupal

quiz_module_projectquizMatch6.x-4.0alpha2drupal

quiz_module_projectquizMatch6.x-4.0alpha3drupal

quiz_module_projectquizMatch6.x-4.0alpha4drupal

quiz_module_projectquizMatch6.x-4.0alpha5drupal

quiz_module_projectquizMatch6.x-4.0beta1drupal

quiz_module_projectquizMatch6.x-4.0beta2drupal

quiz_module_projectquizMatch6.x-4.0beta3drupal

quiz_module_projectquizMatch6.x-4.0beta4drupal

quiz_module_projectquizMatch6.x-4.0beta5drupal

quiz_module_projectquizMatch6.x-4.0beta6drupal

quiz_module_projectquizMatch6.x-4.0beta7drupal

quiz_module_projectquizMatch6.x-4.0beta8drupal

quiz_module_projectquizMatch6.x-4.0devdrupal

quiz_module_projectquizMatch6.x-4.0rc1drupal

quiz_module_projectquizMatch6.x-4.0rc10drupal

quiz_module_projectquizMatch6.x-4.0rc2drupal

quiz_module_projectquizMatch6.x-4.0rc3drupal

quiz_module_projectquizMatch6.x-4.0rc4drupal

quiz_module_projectquizMatch6.x-4.0rc5drupal

quiz_module_projectquizMatch6.x-4.0rc6drupal

quiz_module_projectquizMatch6.x-4.0rc7drupal

quiz_module_projectquizMatch6.x-4.0rc8drupal

quiz_module_projectquizMatch6.x-4.0rc9drupal

quiz_module_projectquizMatch6.x-4.1drupal

quiz_module_projectquizMatch6.x-4.2drupal

quiz_module_projectquizMatch6.x-4.3drupal

quiz_module_projectquizMatch6.x-4.4drupal

CPENameOperatorVersion
quiz_module_project:quizquiz module project quizeq6.x-4.0
quiz_module_project:quizquiz module project quizeq6.x-4.1
quiz_module_project:quizquiz module project quizeq6.x-4.2
quiz_module_project:quizquiz module project quizeq6.x-4.3
quiz_module_project:quizquiz module project quizeq6.x-4.4

CPE	Name	Operator	Version
quiz_module_project:quiz	quiz module project quiz	eq	6.x-4.0
quiz_module_project:quiz	quiz module project quiz	eq	6.x-4.1
quiz_module_project:quiz	quiz module project quiz	eq	6.x-4.2
quiz_module_project:quiz	quiz module project quiz	eq	6.x-4.3
quiz_module_project:quiz	quiz module project quiz	eq	6.x-4.4

References

seclists.org/oss-sec/2013/q4/210

drupal.org/node/2123727

drupal.org/node/2123995

4.9 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:N/I:P/A:P

6.6 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

48.3%

JSON

Related for CVE-2013-4500

prion1 nvd1 cvelist1 drupal1