The ZipCart module 6.x before 6.x-1.4 for Drupal checks the "access content" permission instead of the "access ZipCart downloads" permission when building archives, which allows remote authenticated users with access content permission to bypass intended access restrictions.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2012-08-28T16:00:00
Updated: 2017-08-28T12:57:01
Reserved: 2012-03-12T00:00:00
Link: CVE-2012-1650
JSON object: View
NVD Information
Status : Modified
Published: 2012-08-28T17:55:04.000
Modified: 2017-08-29T01:31:20.820
Link: CVE-2012-1650
JSON object: View
Redhat Information
No data.
CWE