CVE-2013-4500

The Quiz module 6.x-4.x before 6.x-4.5 for Drupal allows remote authenticated users with the "view any quiz results" or "view results for own quiz" permission to delete arbitrary results via the delete option.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.9 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:S/C:N/I:P/A:P
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 60%
VendorProductVersion
quiz_module_projectquiz
6.x-4.0:x
quiz_module_projectquiz
6.x-4.0:x
quiz_module_projectquiz
6.x-4.0:x
quiz_module_projectquiz
6.x-4.0:x
quiz_module_projectquiz
6.x-4.0:x
quiz_module_projectquiz
6.x-4.0:x
quiz_module_projectquiz
6.x-4.0:x
quiz_module_projectquiz
6.x-4.0:x
quiz_module_projectquiz
6.x-4.0:x
quiz_module_projectquiz
6.x-4.0:x
quiz_module_projectquiz
6.x-4.0:x
quiz_module_projectquiz
6.x-4.0:x
quiz_module_projectquiz
6.x-4.0:x
quiz_module_projectquiz
6.x-4.0:x
quiz_module_projectquiz
6.x-4.0:x
quiz_module_projectquiz
6.x-4.0:x
quiz_module_projectquiz
6.x-4.0:x
quiz_module_projectquiz
6.x-4.0:x
quiz_module_projectquiz
6.x-4.0:x
quiz_module_projectquiz
6.x-4.0:x
quiz_module_projectquiz
6.x-4.0:x
quiz_module_projectquiz
6.x-4.0:x
quiz_module_projectquiz
6.x-4.0:x
quiz_module_projectquiz
6.x-4.0:x
quiz_module_projectquiz
6.x-4.0:x
quiz_module_projectquiz
6.x-4.1:x
quiz_module_projectquiz
6.x-4.2:x
quiz_module_projectquiz
6.x-4.3:x
quiz_module_projectquiz
6.x-4.4:x
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://seclists.org/oss-sec/2013/q4/210
https://drupal.org/node/2123727
https://drupal.org/node/2123995
http://seclists.org/oss-sec/2013/q4/210
https://drupal.org/node/2123727
https://drupal.org/node/2123995