Insufficient Access Control in Drupal Payment for Webform Module
CVE-2013-4594

Currently unrated

Key Information:

Vendor

Payment For Webform Project

Status
Payment For Webform
Vendor
CVE Published:
25 October 2014

What is CVE-2013-4594?

The Payment for Webform module prior to version 7.x-1.5 for Drupal features an inadequate access control mechanism that fails to restrict anonymous users. This flaw allows these users to exploit the payment functionality, potentially using payment methods intended for other users. When submitting forms that require payment, unauthorized access may lead to misuse of payment capabilities, posing a risk to both users and site administrators.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://secunia.com/advisories/55431
third-party-advisoryx_refsource_SECUNIA
http://seclists.org/oss-sec/2013/q4/317
mailing-listx_refsource_MLIST
https://drupal.org/node/2128345
x_refsource_CONFIRM

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.