Vulnerability Description
The Quiz module 6.x-4.x before 6.x-4.5 for Drupal allows remote authenticated users with the "view any quiz results" or "view results for own quiz" permission to delete arbitrary results via the delete option.
CVSS Score
4.9
MEDIUM
AV:N/AC:M/Au:S/C:N/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Quiz Module Project | Quiz | 6.x-4.0 |
Related Weaknesses (CWE)
References
- http://seclists.org/oss-sec/2013/q4/210
- https://drupal.org/node/2123727Patch
- https://drupal.org/node/2123995PatchVendor Advisory
- http://seclists.org/oss-sec/2013/q4/210
- https://drupal.org/node/2123727Patch
- https://drupal.org/node/2123995PatchVendor Advisory
FAQ
What is CVE-2013-4500?
CVE-2013-4500 is a vulnerability with a CVSS score of 4.9 (MEDIUM). The Quiz module 6.x-4.x before 6.x-4.5 for Drupal allows remote authenticated users with the "view any quiz results" or "view results for own quiz" permission to delete arbitrary results via the delet...
How severe is CVE-2013-4500?
CVE-2013-4500 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-4500?
Check the references section above for vendor advisories and patch information. Affected products include: Quiz Module Project Quiz.