Vulnerability Details : CVE-2012-1650
The ZipCart module 6.x before 6.x-1.4 for Drupal checks the "access content" permission instead of the "access ZipCart downloads" permission when building archives, which allows remote authenticated users with access content permission to bypass intended access restrictions.
Products affected by CVE-2012-1650
- cpe:2.3:a:giantrobot:zipcart:6.x-1.3:*:*:*:*:*:*:*
- cpe:2.3:a:giantrobot:zipcart:6.x-1.2:*:*:*:*:*:*:*
- cpe:2.3:a:giantrobot:zipcart:6.x-1.x:dev:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2012-1650
- 0.41%: Probability of exploitation activity in the next 30 days
- ~71%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2012-1650
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.0 | MEDIUM | AV:N/AC:M/Au:S/C:P/I:P/A:P | 6.8 | 6.4 | NIST | |
CWE ids for CVE-2012-1650
- Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-1650
- http://drupalcode.org/project/zipcart.git/commitdiff/fe143c2 (Patch)
- https://drupal.org/node/1461446 (Patch; Vendor Advisory)
- https://drupal.org/node/1460892: mediafront 6.x-1.5 | Drupal.org (Patch)
- http://www.openwall.com/lists/oss-security/2012/04/07/1: oss-security - CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/73609: ZipCart module for Drupal archives security bypass CVE-2012-1650 Vulnerability Report
- http://www.securityfocus.com/bid/52231: Drupal ZipCart Module Access Security Bypass Vulnerability