CVE-2012-4470

The Listhandler module 6.x-1.x before 6.x-1.1 for Drupal does not properly check permissions when importing emails, which allows remote comment authors to bypass access restrictions and possibly have other unspecified impact.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 53%
VendorProductVersion
philip_ludlamlisthandler
6.x-1.0:x
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://drupal.org/node/1679412
http://drupal.org/node/1819780
http://www.openwall.com/lists/oss-security/2012/10/04/3
http://www.securityfocus.com/bid/54376
http://drupal.org/node/1679412
http://drupal.org/node/1819780
http://www.openwall.com/lists/oss-security/2012/10/04/3
http://www.securityfocus.com/bid/54376