Shipwire Api Project: Security Vulnerabilities
The Shipwire API module 7.x-1.x before 7.x-1.03 for Drupal does not check the view permission for the shipments overview (admin/shipwire/shipments), which allows remote attackers to obtain sensitive information via a request to the page.
CVSS Score
5.0
EPSS Score
0.003
Published
2015-08-18