Vulnerability Description
The Fast Permissions Administration module 6.x-2.x before 6.x-2.5 and 7.x-2.x before 7.x-2.3 for Drupal does not properly restrict access to the modal content callback, which allows remote attackers to obtain unspecified access to the permissions edit form.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fast Permissions Administration Project | Fast Permission Administration | 6.x-2.0 |
| Drupal | Drupal | - |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2013/07/06/3
- https://drupal.org/node/2028417Patch
- https://drupal.org/node/2028421Patch
- https://drupal.org/node/2028813Vendor Advisory
- http://www.openwall.com/lists/oss-security/2013/07/06/3
- https://drupal.org/node/2028417Patch
- https://drupal.org/node/2028421Patch
- https://drupal.org/node/2028813Vendor Advisory
FAQ
What is CVE-2013-2247?
CVE-2013-2247 is a vulnerability with a CVSS score of 7.5 (HIGH). The Fast Permissions Administration module 6.x-2.x before 6.x-2.5 and 7.x-2.x before 7.x-2.3 for Drupal does not properly restrict access to the modal content callback, which allows remote attackers t...
How severe is CVE-2013-2247?
CVE-2013-2247 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-2247?
Check the references section above for vendor advisories and patch information. Affected products include: Fast Permissions Administration Project Fast Permission Administration, Drupal Drupal.