← back
CVE-2013-2122

CVE-2013-2122

EPSS 1.6%
The Edit Limit module 7.x-1.x before 7.x-1.3 for Drupal does not properly restrict access to comments, which allows remote authenticated users with the "edit comments" permission to edit arbitrary comments of other users via unspecified vectors.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://osvdb.org/93725https://drupal.org/node/2006188https://drupal.org/node/2007048http://seclists.org/fulldisclosure/2013/May/208http://secunia.com/advisories/53556https://exchange.xforce.ibmcloud.com/vulnerabilities/84630http://www.openwall.com/lists/oss-security/2013/05/29/9http://www.securityfocus.com/bid/60209