Vulnerability Description
The Edit Limit module 7.x-1.x before 7.x-1.3 for Drupal does not properly restrict access to comments, which allows remote authenticated users with the "edit comments" permission to edit arbitrary comments of other users via unspecified vectors.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Quade | Edit Limit | 7.x-1.0 |
| Drupal | Drupal | - |
Related Weaknesses (CWE)
References
- http://osvdb.org/93725
- http://seclists.org/fulldisclosure/2013/May/208
- http://secunia.com/advisories/53556Vendor Advisory
- http://www.openwall.com/lists/oss-security/2013/05/29/9
- http://www.securityfocus.com/bid/60209
- https://drupal.org/node/2006188Vendor Advisory
- https://drupal.org/node/2007048Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/84630
- http://osvdb.org/93725
- http://seclists.org/fulldisclosure/2013/May/208
- http://secunia.com/advisories/53556Vendor Advisory
- http://www.openwall.com/lists/oss-security/2013/05/29/9
- http://www.securityfocus.com/bid/60209
- https://drupal.org/node/2006188Vendor Advisory
- https://drupal.org/node/2007048Vendor Advisory
FAQ
What is CVE-2013-2122?
CVE-2013-2122 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The Edit Limit module 7.x-1.x before 7.x-1.3 for Drupal does not properly restrict access to comments, which allows remote authenticated users with the "edit comments" permission to edit arbitrary com...
How severe is CVE-2013-2122?
CVE-2013-2122 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-2122?
Check the references section above for vendor advisories and patch information. Affected products include: Quade Edit Limit, Drupal Drupal.