Vulnerability Description
The Activism module 6.x-2.x before 6.x-2.1 for Drupal does not properly restrict access to the "Campaign" content type, which might allow remote attackers to bypass access restrictions and possibly have other unspecified impact.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Morbus Iff | Activism | 6.x-2.0 |
| Drupal | Drupal | - |
Related Weaknesses (CWE)
References
- http://drupal.org/node/1762152Patch
- http://drupal.org/node/1762160PatchVendor Advisory
- http://www.openwall.com/lists/oss-security/2012/10/04/6
- http://www.openwall.com/lists/oss-security/2012/10/07/1
- http://drupal.org/node/1762152Patch
- http://drupal.org/node/1762160PatchVendor Advisory
- http://www.openwall.com/lists/oss-security/2012/10/04/6
- http://www.openwall.com/lists/oss-security/2012/10/07/1
FAQ
What is CVE-2012-4498?
CVE-2012-4498 is a vulnerability with a CVSS score of 7.5 (HIGH). The Activism module 6.x-2.x before 6.x-2.1 for Drupal does not properly restrict access to the "Campaign" content type, which might allow remote attackers to bypass access restrictions and possibly ha...
How severe is CVE-2012-4498?
CVE-2012-4498 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-4498?
Check the references section above for vendor advisories and patch information. Affected products include: Morbus Iff Activism, Drupal Drupal.