CVE-2012-1650

EUVD-2012-1660
The ZipCart module 6.x before 6.x-1.4 for Drupal checks the "access content" permission instead of the "access ZipCart downloads" permission when building archives, which allows remote authenticated users with access content permission to bypass intended access restrictions.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:S/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 60%
Affected Products (NVD)
VendorProductVersion
giantrobotzipcart
6.x-1.2:x
giantrobotzipcart
6.x-1.3:x
giantrobotzipcart
6.x-1.x:x
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://drupalcode.org/project/zipcart.git/commitdiff/fe143c2
http://www.openwall.com/lists/oss-security/2012/04/07/1
http://www.osvdb.org/79766
http://www.securityfocus.com/bid/52231
https://drupal.org/node/1460892
https://drupal.org/node/1461446
https://exchange.xforce.ibmcloud.com/vulnerabilities/73609
http://drupalcode.org/project/zipcart.git/commitdiff/fe143c2
http://www.openwall.com/lists/oss-security/2012/04/07/1
http://www.osvdb.org/79766
http://www.securityfocus.com/bid/52231
https://drupal.org/node/1460892
https://drupal.org/node/1461446
https://exchange.xforce.ibmcloud.com/vulnerabilities/73609