1 results (0.005 seconds)

CVSS: 6.4EPSS: 0%CPEs: 5EXPL: 0

The Make Meeting Scheduler module 6.x-1.x before 6.x-1.3 for Drupal allows remote attackers to bypass intended access restrictions for a poll via a direct request to the node's URL instead of the hashed URL. El módulo Make Meeting Scheduler 6.x-1.x anterior a la versión 6.x-1.3 para Drupal permite a atacantes remotos evadir restricciones de acceso de una encuesta a través de una petición directa a la URL del nodo en lugar the la URL hash. • http://secunia.com/advisories/54634 http://www.openwall.com/lists/oss-security/2013/09/27/6 https://drupal.org/node/2081637 https://drupal.org/node/2081647 • CWE-264: Permissions, Privileges, and Access Controls •