1 results (0.003 seconds)

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0

The Web Services module 6.x for Drupal does not perform the expected access control, which allows remote attackers to make unspecified use of an API via unknown vectors. El módulo "Web Services" v6.x de Drupal no realiza correctamente el control de acceso, lo que permite a atacantes remotos para hacer un uso no especificado de una API a través de vectores desconocidos. • http://drupal.org/node/630244 http://www.securityfocus.com/bid/37000 http://www.vupen.com/english/advisories/2009/3218 https://exchange.xforce.ibmcloud.com/vulnerabilities/54249 • CWE-264: Permissions, Privileges, and Access Controls •