PT-2014-2840 · Drupal · Payment For Webform
Forest Monsen
·
Publicado
2014-10-25
·
Atualizado
2014-10-31
·
CVE-2013-4594
CVSS v2.0
4.3
Média
| Vetor | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Payment for Webform module versions 7.x-1.x before 7.x-1.5
Description
The issue allows remote anonymous users to use the payment of other anonymous users when submitting a form that requires payment, due to the lack of access restriction by anonymous users.
Recommendations
For Payment for Webform module versions 7.x-1.x before 7.x-1.5, update to version 7.x-1.5 or later to resolve the issue.
Correção
Improper Authentication
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Payment For Webform