CVE-2013-4594
Published Oct 25, 2014
Last updated 10 years ago
Overview
- Description
- The Payment for Webform module 7.x-1.x before 7.x-1.5 for Drupal does not restrict access by anonymous users, which allows remote anonymous users to use the payment of other anonymous users when submitting a form that requires payment.
- Source
- secalert@redhat.com
- NVD status
- Analyzed
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 4.3
- Impact score
- 2.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:N/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-287
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:payment_for_webform_project:payment_for_webform:7.x-1.0:*:*:*:*:drupal:*:*",
"vulnerable": true,
"matchCriteriaId": "4C08AD53-7307-4D4C-80F7-8B76EA7976F8"
},
{
"criteria": "cpe:2.3:a:payment_for_webform_project:payment_for_webform:7.x-1.1:*:*:*:*:drupal:*:*",
"vulnerable": true,
"matchCriteriaId": "EE01A855-12F1-49F8-B339-798F48E3A4E8"
},
{
"criteria": "cpe:2.3:a:payment_for_webform_project:payment_for_webform:7.x-1.2:*:*:*:*:drupal:*:*",
"vulnerable": true,
"matchCriteriaId": "8607B7F6-6E26-420B-8F00-D13F4082B93D"
},
{
"criteria": "cpe:2.3:a:payment_for_webform_project:payment_for_webform:7.x-1.3:*:*:*:*:drupal:*:*",
"vulnerable": true,
"matchCriteriaId": "8AE2B677-38DF-466B-BB3C-4D9F9DA2BB9D"
},
{
"criteria": "cpe:2.3:a:payment_for_webform_project:payment_for_webform:7.x-1.4:*:*:*:*:drupal:*:*",
"vulnerable": true,
"matchCriteriaId": "BD4F7080-B247-4C19-A37C-8B6FAEEA0E24"
},
{
"criteria": "cpe:2.3:a:payment_for_webform_project:payment_for_webform:7.x-1.5:*:*:*:*:drupal:*:*",
"vulnerable": true,
"matchCriteriaId": "01139DB1-49C1-4C7F-9F97-25ADBDC0E332"
}
],
"operator": "OR"
}
]
}
]