Vulnerability Description
The mm_webform submodule in the Monster Menus module 6.x-6.x before 6.x-6.61 and 7.x-1.x before 7.x-1.13 for Drupal does not properly restrict access to webform submissions, which allows remote authenticated users with the "Who can read data submitted to this webform" permission to delete arbitrary submissions via unspecified vectors.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Monster Menus Project | Monster Menus | 6.x-6.19 |
| Drupal | Drupal | - |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/54391Vendor Advisory
- http://www.openwall.com/lists/oss-security/2013/08/10/1
- http://www.securityfocus.com/bid/61711
- https://drupal.org/node/2059805Patch
- https://drupal.org/node/2059807Patch
- https://drupal.org/node/2059823Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/86326
- http://secunia.com/advisories/54391Vendor Advisory
- http://www.openwall.com/lists/oss-security/2013/08/10/1
- http://www.securityfocus.com/bid/61711
- https://drupal.org/node/2059805Patch
- https://drupal.org/node/2059807Patch
- https://drupal.org/node/2059823Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/86326
FAQ
What is CVE-2013-4230?
CVE-2013-4230 is a vulnerability with a CVSS score of 6.0 (MEDIUM). The mm_webform submodule in the Monster Menus module 6.x-6.x before 6.x-6.61 and 7.x-1.x before 7.x-1.13 for Drupal does not properly restrict access to webform submissions, which allows remote authen...
How severe is CVE-2013-4230?
CVE-2013-4230 has been rated MEDIUM with a CVSS base score of 6.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-4230?
Check the references section above for vendor advisories and patch information. Affected products include: Monster Menus Project Monster Menus, Drupal Drupal.