Vulnerability Details CVE-2013-4406
The Quick Tabs module 6.x-2.x before 6.x-2.2, 6.x-3.x before 6.x-3.2, and 7.x-3.x before 7.x-3.6 for Drupal does not properly check block permissions, which allows remote attackers to obtain sensitive information by reading a Quick Tab.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 59.3%
CVSS Severity
CVSS v2 Score 5.0
References
- http://www.openwall.com/lists/oss-security/2013/10/04/14
- http://www.openwall.com/lists/oss-security/2013/10/05/1
- https://drupal.org/node/2103113
- https://drupal.org/node/2103121
- https://drupal.org/node/2103127
- https://drupal.org/node/2103187
- http://www.openwall.com/lists/oss-security/2013/10/04/14
- http://www.openwall.com/lists/oss-security/2013/10/05/1
- https://drupal.org/node/2103113
- https://drupal.org/node/2103121
- https://drupal.org/node/2103127
- https://drupal.org/node/2103187
Products affected by CVE-2013-4406
-
cpe:2.3:a:quick_tabs_module_project:quicktabs:6.x-2.0
-
cpe:2.3:a:quick_tabs_module_project:quicktabs:6.x-2.1
-
cpe:2.3:a:quick_tabs_module_project:quicktabs:6.x-2.x
-
cpe:2.3:a:quick_tabs_module_project:quicktabs:6.x-3.0
-
cpe:2.3:a:quick_tabs_module_project:quicktabs:6.x-3.1
-
cpe:2.3:a:quick_tabs_module_project:quicktabs:6.x-3.x
-
cpe:2.3:a:quick_tabs_module_project:quicktabs:7.x-3.0
-
cpe:2.3:a:quick_tabs_module_project:quicktabs:7.x-3.1
-
cpe:2.3:a:quick_tabs_module_project:quicktabs:7.x-3.2
-
cpe:2.3:a:quick_tabs_module_project:quicktabs:7.x-3.3
-
cpe:2.3:a:quick_tabs_module_project:quicktabs:7.x-3.4
-
cpe:2.3:a:quick_tabs_module_project:quicktabs:7.x-3.5
-
cpe:2.3:a:quick_tabs_module_project:quicktabs:7.x-3.x