CVE-2013-4230

The mm_webform submodule in the Monster Menus module 6.x-6.x before 6.x-6.61 and 7.x-1.x before 7.x-1.13 for Drupal does not properly restrict access to webform submissions, which allows remote authenticated users with the "Who can read data submitted to this webform" permission to delete arbitrary submissions via unspecified vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:S/C:P/I:P/A:P
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 72%
VendorProductVersion
monster_menus_module_projectmonster_menus
6.x-6.19:x
monster_menus_module_projectmonster_menus
6.x-6.22:x
monster_menus_module_projectmonster_menus
6.x-6.23:x
monster_menus_module_projectmonster_menus
6.x-6.24:x
monster_menus_module_projectmonster_menus
6.x-6.25:x
monster_menus_module_projectmonster_menus
6.x-6.26:x
monster_menus_module_projectmonster_menus
6.x-6.27:x
monster_menus_module_projectmonster_menus
6.x-6.29:x
monster_menus_module_projectmonster_menus
6.x-6.30:x
monster_menus_module_projectmonster_menus
6.x-6.31:x
monster_menus_module_projectmonster_menus
6.x-6.32:x
monster_menus_module_projectmonster_menus
6.x-6.33:x
monster_menus_module_projectmonster_menus
6.x-6.34:x
monster_menus_module_projectmonster_menus
6.x-6.35:x
monster_menus_module_projectmonster_menus
6.x-6.36:x
monster_menus_module_projectmonster_menus
6.x-6.37:x
monster_menus_module_projectmonster_menus
6.x-6.38:x
monster_menus_module_projectmonster_menus
6.x-6.41:x
monster_menus_module_projectmonster_menus
6.x-6.42:x
monster_menus_module_projectmonster_menus
6.x-6.43:x
monster_menus_module_projectmonster_menus
6.x-6.44:x
monster_menus_module_projectmonster_menus
6.x-6.48:x
monster_menus_module_projectmonster_menus
6.x-6.53:x
monster_menus_module_projectmonster_menus
6.x-6.56:x
monster_menus_module_projectmonster_menus
6.x-6.57:x
monster_menus_module_projectmonster_menus
6.x-6.59:x
monster_menus_module_projectmonster_menus
6.x-6.60:x
monster_menus_module_projectmonster_menus
7.x-1.0:x
monster_menus_module_projectmonster_menus
7.x-1.1:x
monster_menus_module_projectmonster_menus
7.x-1.2:x
monster_menus_module_projectmonster_menus
7.x-1.3:x
monster_menus_module_projectmonster_menus
7.x-1.4:x
monster_menus_module_projectmonster_menus
7.x-1.5:x
monster_menus_module_projectmonster_menus
7.x-1.6:x
monster_menus_module_projectmonster_menus
7.x-1.7:x
monster_menus_module_projectmonster_menus
7.x-1.8:x
monster_menus_module_projectmonster_menus
7.x-1.9:x
monster_menus_module_projectmonster_menus
7.x-1.10:x
monster_menus_module_projectmonster_menus
7.x-1.11:x
monster_menus_module_projectmonster_menus
7.x-1.12:x
monster_menus_module_projectmonster_menus
7.x-1.x:x
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/54391
http://www.openwall.com/lists/oss-security/2013/08/10/1
http://www.securityfocus.com/bid/61711
https://drupal.org/node/2059805
https://drupal.org/node/2059807
https://drupal.org/node/2059823
https://exchange.xforce.ibmcloud.com/vulnerabilities/86326
http://secunia.com/advisories/54391
http://www.openwall.com/lists/oss-security/2013/08/10/1
http://www.securityfocus.com/bid/61711
https://drupal.org/node/2059805
https://drupal.org/node/2059807
https://drupal.org/node/2059823
https://exchange.xforce.ibmcloud.com/vulnerabilities/86326