Vulnerability Description
The Ajax Table module 5.x for Drupal does not perform access control, which allows remote attackers to delete arbitrary users and nodes via unspecified vectors.
CVSS Score
6.4
MEDIUM
AV:N/AC:L/Au:N/C:P/I:P/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Chris Shattuck | Ajaxtable | 5.x-1.x-dev |
| Drupal | Drupal | All versions |
Related Weaknesses (CWE)
References
- http://drupal.org/node/560298Vendor Advisory
- http://secunia.com/advisories/36497Vendor Advisory
- http://www.osvdb.org/57435
- http://www.securityfocus.com/bid/36165
- http://www.vupen.com/english/advisories/2009/2452Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/52818
- http://drupal.org/node/560298Vendor Advisory
- http://secunia.com/advisories/36497Vendor Advisory
- http://www.osvdb.org/57435
- http://www.securityfocus.com/bid/36165
- http://www.vupen.com/english/advisories/2009/2452Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/52818
FAQ
What is CVE-2009-3122?
CVE-2009-3122 is a vulnerability with a CVSS score of 6.4 (MEDIUM). The Ajax Table module 5.x for Drupal does not perform access control, which allows remote attackers to delete arbitrary users and nodes via unspecified vectors.
How severe is CVE-2009-3122?
CVE-2009-3122 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-3122?
Check the references section above for vendor advisories and patch information. Affected products include: Chris Shattuck Ajaxtable, Drupal Drupal.