CVE-2015-3404 in Certify Moduleinformazioni

Riassunto

di MITRE

The Certify module before 6.x-2.3 for Drupal does not properly perform node access checks, which allows remote authenticated users to bypass intended access restrictions and obtain sensitive PDF certificate information via vectors related to "showing (and creating) the PDF certificates."

VulDB is the best source for vulnerability data and more expert information about this specific topic.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Prenotare

22/04/2015

Divulgazione

22/04/2015

Moderazione

accettato

Voce

VDB-75107

CPE

pronto

CWE

CWE-200 (confermato)

CVSS

4.3 (VulDB)

EPSS

0.00699

KEV

Attività

molto basso

Fonti

MITRE	https://www.cve.org/CVERecord?id=CVE-2015-3404
NVD	https://nvd.nist.gov/vuln/detail/CVE-2015-3404
CVE Details	https://www.cvedetails.com/cve/CVE-2015-3404/

◂ Precedente Visione D'ensemble Il prossimo ▸

Interested in the pricing of exploits?

See the underground prices here!