PT-2024-10362 · Drupal · Drupal Cms+1

Drew Webber +4 · Published 2024-05-22 · Updated 2025-01-10 · CVE-2024-13257

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Drupal Commerce View Receipt versions 0.0.0 through 1.0.2

Description

The issue is related to insufficient authorization procedures in the Commerce View Receipt module of the Drupal CMS system. This can allow a remote attacker to bypass security restrictions and perform a forceful browsing attack.

Recommendations

For versions 0.0.0 through 1.0.2, update to version 1.0.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the Commerce View Receipt module until a patch is applied.

Fix

Weakness Enumeration

Incorrect Authorization

Related Identifiers

BDU:2025-00866
CVE-2024-13257
DRUPAL-CONTRIB-2024-021

Affected Products

Drupal Cms
Drupal Commerce View Receipt