CVE-2013-4594

Published Oct 25, 2014

Last updated 3 months ago

CVSS info 4.3

Overview

Description: The Payment for Webform module 7.x-1.x before 7.x-1.5 for Drupal does not restrict access by anonymous users, which allows remote anonymous users to use the payment of other anonymous users when submitting a form that requires payment.
Source: secalert@redhat.com
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-287

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:payment_for_webform_project:payment_for_webform:7.x-1.0:*:*:*:*:drupal:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4C08AD53-7307-4D4C-80F7-8B76EA7976F8"
          },
          {
            "criteria": "cpe:2.3:a:payment_for_webform_project:payment_for_webform:7.x-1.1:*:*:*:*:drupal:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EE01A855-12F1-49F8-B339-798F48E3A4E8"
          },
          {
            "criteria": "cpe:2.3:a:payment_for_webform_project:payment_for_webform:7.x-1.2:*:*:*:*:drupal:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8607B7F6-6E26-420B-8F00-D13F4082B93D"
          },
          {
            "criteria": "cpe:2.3:a:payment_for_webform_project:payment_for_webform:7.x-1.3:*:*:*:*:drupal:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8AE2B677-38DF-466B-BB3C-4D9F9DA2BB9D"
          },
          {
            "criteria": "cpe:2.3:a:payment_for_webform_project:payment_for_webform:7.x-1.4:*:*:*:*:drupal:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BD4F7080-B247-4C19-A37C-8B6FAEEA0E24"
          },
          {
            "criteria": "cpe:2.3:a:payment_for_webform_project:payment_for_webform:7.x-1.5:*:*:*:*:drupal:*:*",
            "vulnerable": true,
            "matchCriteriaId": "01139DB1-49C1-4C7F-9F97-25ADBDC0E332"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References