CVE-2013-4230
First published: Wed Aug 21 2013(Updated: )
The mm_webform submodule in the Monster Menus module 6.x-6.x before 6.x-6.61 and 7.x-1.x before 7.x-1.13 for Drupal does not properly restrict access to webform submissions, which allows remote authenticated users with the "Who can read data submitted to this webform" permission to delete arbitrary submissions via unspecified vectors.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Drupal Monster Menus | =6.x-6.19 | |
| Drupal Monster Menus | =6.x-6.22 | |
| Drupal Monster Menus | =6.x-6.23 | |
| Drupal Monster Menus | =6.x-6.24 | |
| Drupal Monster Menus | =6.x-6.25 | |
| Drupal Monster Menus | =6.x-6.26 | |
| Drupal Monster Menus | =6.x-6.27 | |
| Drupal Monster Menus | =6.x-6.29 | |
| Drupal Monster Menus | =6.x-6.30 | |
| Drupal Monster Menus | =6.x-6.31 | |
| Drupal Monster Menus | =6.x-6.32 | |
| Drupal Monster Menus | =6.x-6.33 | |
| Drupal Monster Menus | =6.x-6.34 | |
| Drupal Monster Menus | =6.x-6.35 | |
| Drupal Monster Menus | =6.x-6.36 | |
| Drupal Monster Menus | =6.x-6.37 | |
| Drupal Monster Menus | =6.x-6.38 | |
| Drupal Monster Menus | =6.x-6.41 | |
| Drupal Monster Menus | =6.x-6.42 | |
| Drupal Monster Menus | =6.x-6.43 | |
| Drupal Monster Menus | =6.x-6.44 | |
| Drupal Monster Menus | =6.x-6.48 | |
| Drupal Monster Menus | =6.x-6.53 | |
| Drupal Monster Menus | =6.x-6.56 | |
| Drupal Monster Menus | =6.x-6.57 | |
| Drupal Monster Menus | =6.x-6.59 | |
| Drupal Monster Menus | =6.x-6.60 | |
| Drupal Monster Menus | =7.x-1.0 | |
| Drupal Monster Menus | =7.x-1.1 | |
| Drupal Monster Menus | =7.x-1.2 | |
| Drupal Monster Menus | =7.x-1.3 | |
| Drupal Monster Menus | =7.x-1.4 | |
| Drupal Monster Menus | =7.x-1.5 | |
| Drupal Monster Menus | =7.x-1.6 | |
| Drupal Monster Menus | =7.x-1.7 | |
| Drupal Monster Menus | =7.x-1.8 | |
| Drupal Monster Menus | =7.x-1.9 | |
| Drupal Monster Menus | =7.x-1.10 | |
| Drupal Monster Menus | =7.x-1.11 | |
| Drupal Monster Menus | =7.x-1.12 | |
| Drupal Monster Menus | =7.x-1.x-dev | |
| Drupal |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2013-4230?
CVE-2013-4230 is considered a high severity vulnerability due to improper access control, allowing remote authenticated users to delete webform submissions.
How do I fix CVE-2013-4230?
To fix CVE-2013-4230, upgrade the Monster Menus module to version 6.x-6.61 or later for Drupal 6, or 7.x-1.13 or later for Drupal 7.
Who is affected by CVE-2013-4230?
CVE-2013-4230 affects users of the Monster Menus module versions prior to 6.x-6.61 and 7.x-1.13 in Drupal.
What kind of access does CVE-2013-4230 grant to attackers?
CVE-2013-4230 allows authenticated remote users with the appropriate permissions to delete arbitrary webform submissions.
When was CVE-2013-4230 reported?
CVE-2013-4230 was reported in August 2013.
- agent/type
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/author
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/monster menus module project
- canonical/drupal monster menus
- version/drupal monster menus/6.x-6.19
- version/drupal monster menus/6.x-6.22
- version/drupal monster menus/6.x-6.23
- version/drupal monster menus/6.x-6.24
- version/drupal monster menus/6.x-6.25
- version/drupal monster menus/6.x-6.26
- version/drupal monster menus/6.x-6.27
- version/drupal monster menus/6.x-6.29
- version/drupal monster menus/6.x-6.30
- version/drupal monster menus/6.x-6.31
- version/drupal monster menus/6.x-6.32
- version/drupal monster menus/6.x-6.33
- version/drupal monster menus/6.x-6.34
- version/drupal monster menus/6.x-6.35
- version/drupal monster menus/6.x-6.36
- version/drupal monster menus/6.x-6.37
- version/drupal monster menus/6.x-6.38
- version/drupal monster menus/6.x-6.41
- version/drupal monster menus/6.x-6.42
- version/drupal monster menus/6.x-6.43
- version/drupal monster menus/6.x-6.44
- version/drupal monster menus/6.x-6.48
- version/drupal monster menus/6.x-6.53
- version/drupal monster menus/6.x-6.56
- version/drupal monster menus/6.x-6.57
- version/drupal monster menus/6.x-6.59
- version/drupal monster menus/6.x-6.60
- version/drupal monster menus/7.x-1.0
- version/drupal monster menus/7.x-1.1
- version/drupal monster menus/7.x-1.2
- version/drupal monster menus/7.x-1.3
- version/drupal monster menus/7.x-1.4
- version/drupal monster menus/7.x-1.5
- version/drupal monster menus/7.x-1.6
- version/drupal monster menus/7.x-1.7
- version/drupal monster menus/7.x-1.8
- version/drupal monster menus/7.x-1.9
- version/drupal monster menus/7.x-1.10
- version/drupal monster menus/7.x-1.11
- version/drupal monster menus/7.x-1.12
- version/drupal monster menus/7.x-1.x-dev
- vendor/drupal
- canonical/drupal