Back to search
CVE-2012-1650
Published: Aug 28, 2012
Modified: Aug 6, 2024
PUBLISHED
Description
The ZipCart module 6.x before 6.x-1.4 for Drupal checks the "access content" permission instead of the "access ZipCart downloads" permission when building archives, which allows remote authenticated users with access content permission to bypass intended access restrictions.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
http://drupalcode.org/project/zipcart.git/commitdiff/fe143c2
x_refsource_CONFIRM
https://drupal.org/node/1461446
x_refsource_MISC
https://drupal.org/node/1460892
x_refsource_CONFIRM
79766
vdb-entry
x_refsource_OSVDB
[oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)
mailing-list
x_refsource_MLIST
zipcart-archives-security-bypass(73609)
vdb-entry
x_refsource_XF
52231
vdb-entry
x_refsource_BID
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now