Vulnerability Details CVE-2013-1973
The autocomplete callback in Autocomplete Widgets for Text and Number Fields (autocomplete_widgets) module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.0-rc1 does not properly handle node permissions, which allows remote authenticated users to obtain sensitive field values via unspecified vectors.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 47.9%
CVSS Severity
CVSS v2 Score 4.0
References
- http://osvdb.org/92532
- http://secunia.com/advisories/52996
- https://drupal.org/node/1971848
- https://drupal.org/node/1971856
- https://drupal.org/node/1972976
- http://osvdb.org/92532
- http://secunia.com/advisories/52996
- https://drupal.org/node/1971848
- https://drupal.org/node/1971856
- https://drupal.org/node/1972976
Products affected by CVE-2013-1973
-
cpe:2.3:a:autocomplete_widgets_project:autocomplete_widgets:6.x-1.0
-
cpe:2.3:a:autocomplete_widgets_project:autocomplete_widgets:6.x-1.1
-
cpe:2.3:a:autocomplete_widgets_project:autocomplete_widgets:6.x-1.2
-
cpe:2.3:a:autocomplete_widgets_project:autocomplete_widgets:6.x-1.3
-
cpe:2.3:a:autocomplete_widgets_project:autocomplete_widgets:7.x-1.x