CVE-2013-2122

EUVD-2013-2090
The Edit Limit module 7.x-1.x before 7.x-1.3 for Drupal does not properly restrict access to comments, which allows remote authenticated users with the "edit comments" permission to edit arbitrary comments of other users via unspecified vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 68%
Affected Products (NVD)
VendorProductVersion
quadeedit_limit
7.x-1.0:x
quadeedit_limit
7.x-1.0:x
quadeedit_limit
7.x-1.0:x
quadeedit_limit
7.x-1.0:x
quadeedit_limit
7.x-1.0:x
quadeedit_limit
7.x-1.1:x
quadeedit_limit
7.x-1.2:x
quadeedit_limit
7.x-1.x:x
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://osvdb.org/93725
http://seclists.org/fulldisclosure/2013/May/208
http://secunia.com/advisories/53556
http://www.openwall.com/lists/oss-security/2013/05/29/9
http://www.securityfocus.com/bid/60209
https://drupal.org/node/2006188
https://drupal.org/node/2007048
https://exchange.xforce.ibmcloud.com/vulnerabilities/84630
http://osvdb.org/93725
http://seclists.org/fulldisclosure/2013/May/208
http://secunia.com/advisories/53556
http://www.openwall.com/lists/oss-security/2013/05/29/9
http://www.securityfocus.com/bid/60209
https://drupal.org/node/2006188
https://drupal.org/node/2007048
https://exchange.xforce.ibmcloud.com/vulnerabilities/84630