CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2013-1925

The Chaos Tool Suite (ctools) module 7.x-1.x before 7.x-1.3 for Drupal does not properly restrict node access, which allows remote authenticated users with the "access content" permission to read restricted node titles via an autocomplete list.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 61.3%

CVSS Severity

CVSS v2 Score 3.5

References

http://osvdb.org/91986
http://packetstormsecurity.com/files/121072/Drupal-Chaos-Tool-Suite-7.x-Access-Bypass.html
http://seclists.org/fulldisclosure/2013/Apr/8
https://drupal.org/node/1960406
https://drupal.org/node/1960424
https://exchange.xforce.ibmcloud.com/vulnerabilities/83254
http://osvdb.org/91986
http://packetstormsecurity.com/files/121072/Drupal-Chaos-Tool-Suite-7.x-Access-Bypass.html
http://seclists.org/fulldisclosure/2013/Apr/8
https://drupal.org/node/1960406
https://drupal.org/node/1960424
https://exchange.xforce.ibmcloud.com/vulnerabilities/83254

Products affected by CVE-2013-1925

Chaos Tool Suite Project » Ctools » Version: 7.x-1.0

cpe:2.3:a:chaos_tool_suite_project:ctools:7.x-1.0
Chaos Tool Suite Project » Ctools » Version: 7.x-1.1

cpe:2.3:a:chaos_tool_suite_project:ctools:7.x-1.1
Chaos Tool Suite Project » Ctools » Version: 7.x-1.2

cpe:2.3:a:chaos_tool_suite_project:ctools:7.x-1.2
Chaos Tool Suite Project » Ctools » Version: 7.x-1.x

cpe:2.3:a:chaos_tool_suite_project:ctools:7.x-1.x

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2013-1925

Products

Pricing

Contact Us