CVE-2013-1859

EUVD-2013-1862
The Node Parameter Control module 6.x-1.x for Drupal does not properly restrict access to the configuration options, which allows remote attackers to read and edit configuration options via unspecified vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.4 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 50%
Affected Products (NVD)
VendorProductVersion
chris_desautelsnode_parameter_control
6.x-1.0:x
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://drupal.org/node/1942330
http://osvdb.org/91257
http://packetstormsecurity.com/files/120788/Drupal-Node-Parameter-Control-6.x-Access-Bypass.html
http://seclists.org/fulldisclosure/2013/Mar/133
http://www.openwall.com/lists/oss-security/2013/03/15/2
http://drupal.org/node/1942330
http://osvdb.org/91257
http://packetstormsecurity.com/files/120788/Drupal-Node-Parameter-Control-6.x-Access-Bypass.html
http://seclists.org/fulldisclosure/2013/Mar/133
http://www.openwall.com/lists/oss-security/2013/03/15/2