Drupal · Drupal Cms · CVE-2024-13257
**Name of the Vulnerable Software and Affected Versions**
Drupal Commerce View Receipt versions 0.0.0 through 1.0.2
**Description**
The issue is related to insufficient authorization procedures in the Commerce View Receipt module of the Drupal CMS system. This can allow a remote attacker to bypass security restrictions and perform a forceful browsing attack.
**Recommendations**
For versions 0.0.0 through 1.0.2, update to version 1.0.3 or later to resolve the issue.
As a temporary workaround, consider restricting access to the Commerce View Receipt module until a patch is applied.