CVE-2013-2122

The Edit Limit module 7.x-1.x before 7.x-1.3 for Drupal does not properly restrict access to comments, which allows remote authenticated users with the "edit comments" permission to edit arbitrary comments of other users via unspecified vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:P/A:N
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 68%
VendorProductVersion
quadeedit_limit
7.x-1.0:x
quadeedit_limit
7.x-1.0:x
quadeedit_limit
7.x-1.0:x
quadeedit_limit
7.x-1.0:x
quadeedit_limit
7.x-1.0:x
quadeedit_limit
7.x-1.1:x
quadeedit_limit
7.x-1.2:x
quadeedit_limit
7.x-1.x:x
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://osvdb.org/93725
http://seclists.org/fulldisclosure/2013/May/208
http://secunia.com/advisories/53556
http://www.openwall.com/lists/oss-security/2013/05/29/9
http://www.securityfocus.com/bid/60209
https://drupal.org/node/2006188
https://drupal.org/node/2007048
https://exchange.xforce.ibmcloud.com/vulnerabilities/84630
http://osvdb.org/93725
http://seclists.org/fulldisclosure/2013/May/208
http://secunia.com/advisories/53556
http://www.openwall.com/lists/oss-security/2013/05/29/9
http://www.securityfocus.com/bid/60209
https://drupal.org/node/2006188
https://drupal.org/node/2007048
https://exchange.xforce.ibmcloud.com/vulnerabilities/84630