CVE-2012-1649 | Vulnerability Database | Aqua Security

Cool Aid module before 6.x-1.9 for Drupal does not enforce access restrictions, which allows remote authenticated users with the administer coolaid permission to modify arbitrary pages via unspecified vectors.

Affected Software

Name	Vendor	Start Version	End Version
Cool_aid	Danielb	*	6.x-1.8 (including)
Cool_aid	Danielb	6.x-1.0 (including)	6.x-1.0 (including)
Cool_aid	Danielb	6.x-1.1 (including)	6.x-1.1 (including)
Cool_aid	Danielb	6.x-1.2 (including)	6.x-1.2 (including)
Cool_aid	Danielb	6.x-1.3 (including)	6.x-1.3 (including)
Cool_aid	Danielb	6.x-1.4 (including)	6.x-1.4 (including)
Cool_aid	Danielb	6.x-1.6 (including)	6.x-1.6 (including)
Cool_aid	Danielb	6.x-1.7 (including)	6.x-1.7 (including)
Cool_aid	Danielb	6.x-1.x-dev (including)	6.x-1.x-dev (including)

References

http://drupal.org/node/1417186
http://drupal.org/node/1461438
http://secunia.com/advisories/48196
http://www.openwall.com/lists/oss-security/2012/04/07/1
http://www.osvdb.org/79772
http://www.securityfocus.com/bid/52232
https://exchange.xforce.ibmcloud.com/vulnerabilities/73608

NVD	https://nvd.nist.gov/vuln/detail/CVE-2012-1649
CWE	https://cwe.mitre.org/data/definitions/264.html