Vulnerabilities
Misconfiguration
Runtime Security
Compliance
CVE Vulnerabilities

CVE-2013-4594

Improper Authentication

Published: Oct 25, 2014 | Modified: Oct 31, 2014
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2013-4594
CWEhttps://cwe.mitre.org/data/definitions/287.html

The Payment for Webform module 7.x-1.x before 7.x-1.5 for Drupal does not restrict access by anonymous users, which allows remote anonymous users to use the payment of other anonymous users when submitting a form that requires payment.

Weakness

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Affected Software

Name Vendor Start Version End Version
Payment_for_webform Payment_for_webform_project 7.x-1.0 (including) 7.x-1.0 (including)
Payment_for_webform Payment_for_webform_project 7.x-1.1 (including) 7.x-1.1 (including)
Payment_for_webform Payment_for_webform_project 7.x-1.2 (including) 7.x-1.2 (including)
Payment_for_webform Payment_for_webform_project 7.x-1.3 (including) 7.x-1.3 (including)
Payment_for_webform Payment_for_webform_project 7.x-1.4 (including) 7.x-1.4 (including)
Payment_for_webform Payment_for_webform_project 7.x-1.5 (including) 7.x-1.5 (including)

Potential Mitigations

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2024 Aqua Security Software Ltd.   Privacy Policy | Terms of Use