Vulnerability Details CVE-2013-7067
The OG Features module 6.x-1.x before 6.x-1.4 for Drupal does not properly override pages that have an access callback set to false, which allows remote attackers to bypass intended access restrictions via a request.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 49.4%
CVSS Severity
CVSS v2 Score 5.8
References
- http://osvdb.org/100611
- http://www.securityfocus.com/bid/64134
- https://drupal.org/node/2149743
- https://drupal.org/node/2149791
- https://exchange.xforce.ibmcloud.com/vulnerabilities/89458
- http://osvdb.org/100611
- http://www.securityfocus.com/bid/64134
- https://drupal.org/node/2149743
- https://drupal.org/node/2149791
- https://exchange.xforce.ibmcloud.com/vulnerabilities/89458
Products affected by CVE-2013-7067
-
cpe:2.3:a:drupal:drupal:-
-
cpe:2.3:a:mike_stefanello:og_features:6.x-1.0
-
cpe:2.3:a:mike_stefanello:og_features:6.x-1.1
-
cpe:2.3:a:mike_stefanello:og_features:6.x-1.2
-
cpe:2.3:a:mike_stefanello:og_features:6.x-1.3
-
cpe:2.3:a:mike_stefanello:og_features:6.x-1.x