CVE-2013-1907

EUVD-2013-1903
The Commons Group module before 7.x-3.1 for Drupal, as used in the Commons module before 7.x-3.1, does not properly restrict access to groups, which allows remote attackers to post arbitrary content to groups via unspecified vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 72%
Affected Products (NVD)
VendorProductVersion
acquiacommons
𝑥
≤ 7.x-3.0
acquiacommons
7.x-3.x:x
acquiacommons_group
𝑥
≤ 7.x-3.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://osvdb.org/91748
http://packetstormsecurity.com/files/120991/Drupal-Common-Groups-7.x-Access-Bypass-Privilege-Escalation.html
http://seclists.org/fulldisclosure/2013/Mar/242
http://secunia.com/advisories/52769
http://secunia.com/advisories/52795
https://drupal.org/node/1954762
https://drupal.org/node/1954764
https://drupal.org/node/1954948
https://exchange.xforce.ibmcloud.com/vulnerabilities/83133
http://osvdb.org/91748
http://packetstormsecurity.com/files/120991/Drupal-Common-Groups-7.x-Access-Bypass-Privilege-Escalation.html
http://seclists.org/fulldisclosure/2013/Mar/242
http://secunia.com/advisories/52769
http://secunia.com/advisories/52795
https://drupal.org/node/1954762
https://drupal.org/node/1954764
https://drupal.org/node/1954948
https://exchange.xforce.ibmcloud.com/vulnerabilities/83133