4
CVE-2013-1973
- EPSS 1.09%
- Veröffentlicht 09.06.2014 19:55:06
- Zuletzt bearbeitet 06.05.2026 22:30:45
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
LoginThe autocomplete callback in Autocomplete Widgets for Text and Number Fields (autocomplete_widgets) module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.0-rc1 does not properly handle node permissions, which allows remote authenticated users to obtain sensitive field values via unspecified vectors.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Autocomplete Widgets Project ≫ Autocomplete Widgets Version6.x-1.0 Update- Edition- SwEdition- SwPlatformdrupal
Autocomplete Widgets Project ≫ Autocomplete Widgets Version6.x-1.1 Update- Edition- SwEdition- SwPlatformdrupal
Autocomplete Widgets Project ≫ Autocomplete Widgets Version6.x-1.2 Update- Edition- SwEdition- SwPlatformdrupal
Autocomplete Widgets Project ≫ Autocomplete Widgets Version6.x-1.3 Update- Edition- SwEdition- SwPlatformdrupal
Autocomplete Widgets Project ≫ Autocomplete Widgets Version7.x-1.x Updatealpha1 Edition- SwEdition- SwPlatformdrupal
Autocomplete Widgets Project ≫ Autocomplete Widgets Version7.x-1.x Updatebeta1 Edition- SwEdition- SwPlatformdrupal
Autocomplete Widgets Project ≫ Autocomplete Widgets Version7.x-1.x Updatebeta2 Edition- SwEdition- SwPlatformdrupal
Autocomplete Widgets Project ≫ Autocomplete Widgets Version7.x-1.x Updatedev Edition- SwEdition- SwPlatformdrupal
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.09% | 0.612 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4 | 8 | 2.9 |
AV:N/AC:L/Au:S/C:P/I:N/A:N
|
http://osvdb.org/92532
http://secunia.com/advisories/52996
https://drupal.org/node/1971848
https://drupal.org/node/1971856
https://drupal.org/node/1972976