Vulnerability Details : CVE-2012-4498
The Activism module 6.x-2.x before 6.x-2.1 for Drupal does not properly restrict access to the "Campaign" content type, which might allow remote attackers to bypass access restrictions and possibly have other unspecified impact.
Exploit prediction scoring system (EPSS) score for CVE-2012-4498
Probability of exploitation activity in the next 30 days: 0.27%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 67 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2012-4498
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
CWE ids for CVE-2012-4498
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-4498
-
http://www.openwall.com/lists/oss-security/2012/10/07/1
oss-security - Re: CVE Request for Drupal Contributed Modules
-
http://drupal.org/node/1762152
Access to this page has been denied.Patch
-
http://drupal.org/node/1762160
Access to this page has been denied.Patch;Vendor Advisory
-
http://www.openwall.com/lists/oss-security/2012/10/04/6
oss-security - CVE Request for Drupal Contributed Modules
Products affected by CVE-2012-4498
- cpe:2.3:a:morbus_iff:activism:6.x-2.0:*:*:*:*:*:*:*
- cpe:2.3:a:morbus_iff:activism:6.x-2.x:dev:*:*:*:*:*:*