CVE-2013-2247

The Fast Permissions Administration module 6.x-2.x before 6.x-2.5 and 7.x-2.x before 7.x-2.3 for Drupal does not properly restrict access to the modal content callback, which allows remote attackers to obtain unspecified access to the permissions edit form.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 62%
VendorProductVersion
fast_permissions_administration_projectfast_permission_administration
6.x-2.0:x
fast_permissions_administration_projectfast_permission_administration
6.x-2.1:x
fast_permissions_administration_projectfast_permission_administration
6.x-2.2:x
fast_permissions_administration_projectfast_permission_administration
6.x-2.3:x
fast_permissions_administration_projectfast_permission_administration
6.x-2.4:x
fast_permissions_administration_projectfast_permission_administration
6.x-2.x:x
fast_permissions_administration_projectfast_permission_administration
7.x-2.0:x
fast_permissions_administration_projectfast_permission_administration
7.x-2.1:x
fast_permissions_administration_projectfast_permission_administration
7.x-2.2:x
fast_permissions_administration_projectfast_permission_administration
7.x-2.x:x
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.openwall.com/lists/oss-security/2013/07/06/3
https://drupal.org/node/2028417
https://drupal.org/node/2028421
https://drupal.org/node/2028813
http://www.openwall.com/lists/oss-security/2013/07/06/3
https://drupal.org/node/2028417
https://drupal.org/node/2028421
https://drupal.org/node/2028813