Vulnerability Details: CVE-2012-2096
The Fivestar module 6.x-1.x before 6.x-1.20 for Drupal does not properly validate voting data, which allows remote attackers to manipulate voting averages via a negative value in the vote parameter.
Vulnerability category: Input validation
Products affected by CVE-2012-2096
- cpe:2.3:a:lullabot:fivestar_module_for_drupal:6.x-1.x:*:*:*:*:*:*:*
- cpe:2.3:a:lullabot:fivestar_module_for_drupal:6.x-1.20:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2012-2096
- 1.06%: Probability of exploitation activity in the next 30 days
- ~84%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2012-2096
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N | 10.0 | 2.9 | NIST | |
CWE ids for CVE-2012-2096
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-2096
- http://drupal.org/node/1528614 : SA-CONTRIB-2012-058 - Fivestar - Input Validation | Drupal.org (Patch; Vendor Advisory)
- http://drupalcode.org/project/fivestar.git/commitdiff/75dba2c (Exploit; Patch)
- http://drupal.org/node/1528600 : fivestar 6.x-1.20 | Drupal.org (Patch)
- http://www.securityfocus.com/bid/52984 : Drupal Fivestar Module Remote Input Validation Vulnerability (Patch)
- http://www.openwall.com/lists/oss-security/2012/04/11/4 : oss-security - CVE Request for Drupal Contributed Advisories on 2012-04-11
- http://www.openwall.com/lists/oss-security/2012/04/12/2 : oss-security - Re: CVE Request for Drupal Contributed Advisories on 2012-04-11