Vulnerability Details : CVE-2013-1908
The Commons Wikis module before 7.x-3.1 for Drupal, as used in the Commons module before 7.x-3.1, does not properly restrict access to groups, which allows remote attackers to post arbitrary content to groups via unspecified vectors.
Products affected by CVE-2013-1908
- cpe:2.3:a:acquia:commons:*:*:*:*:*:*:*:*
- cpe:2.3:a:acquia:commons:7.x-3.x:dev:*:*:*:*:*:*
- cpe:2.3:a:commons_wikis_project:commons_wikis:*:*:*:*:*:*:*:*
- cpe:2.3:a:commons_wikis_project:commons_wikis:7.x-3.x:dev:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-1908
- 0.78%: Probability of exploitation activity in the next 30 days
- ~82%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2013-1908
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N | 10.0 | 2.9 | NIST | |
CWE ids for CVE-2013-1908
- Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-1908
- https://drupal.org/node/1954948 (Patch)
- http://packetstormsecurity.com/files/120995/Drupal-Common-Wikis-7.x-Access-Bypass-Privilege-Escalation.html : Drupal Common Wikis 7.x Access Bypass / Privilege Escalation ≈ Packet Storm
- https://drupal.org/node/1954766 (Patch; Vendor Advisory)
- http://seclists.org/fulldisclosure/2013/Mar/244 : Full Disclosure: [Security-news] SA-CONTRIB-2013-039 - Commons Wikis - Access bypass & Privilege escalation
- https://drupal.org/node/1954768 : commons_wikis 7.x-3.1 | Drupal.org (Patch)