Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.0
CVE Id CVE-2012-1650
Last Modified 29 Aug 2012 12:00:00
Published 28 Aug 2012 01:55:04
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2012-1650

Summary

The ZipCart module 6.x before 6.x-1.4 for Drupal checks the "access content" permission instead of the "access ZipCart downloads" permission when building archives, which allows remote authenticated users with access content permission to bypass intended access restrictions.

Vulnerable Systems

Application

  • Giantrobot Zipcart 6.x-1.2

  • Giantrobot Zipcart 6.x-1.3

  • Giantrobot Zipcart 6.x-1.x


References

MISC - https://drupal.org/node/1461446

CONFIRM - https://drupal.org/node/1460892

XF - zipcart-archives-security-bypass(73609)

BID - 52231

OSVDB - 79766

MLIST - [oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)

CONFIRM - http://drupalcode.org/project/zipcart.git/commitdiff/fe143c2


Last Updated: 27 May 2016 11:00:22