Epiqo Email 6.x-1.0/6.x-1.1/6.x-1.2/6.x-1.x Stored access control

Summaryinfo

A vulnerability classified as critical was found in Epiqo Email 6.x-1.0/6.x-1.1/6.x-1.2/6.x-1.x. This affects an unknown part. The manipulation results in access control (Stored). This vulnerability is reported as CVE-2012-5588. No exploit exists. Upgrading the affected component is advised.

Detailsinfo

A vulnerability classified as problematic has been found in Epiqo Email 6.x-1.0/6.x-1.1/6.x-1.2/6.x-1.x. Affected is an unknown function. The manipulation with an unknown input leads to a access control vulnerability (Stored). CWE is classifying the issue as CWE-264. This is going to have an impact on integrity. CVE summarizes:

The Email Field module 6.x-1.x before 6.x-1.3 for Drupal, when using a field permission module and the field contact field formatter is set to the full or teaser display mode, does not properly check permissions, which allows remote attackers to email the stored address via unspecified vectors.

The weakness was disclosed 12/26/2012 (Website). The advisory is shared for download at drupal.org. This vulnerability is traded as CVE-2012-5588 since 10/24/2012. The exploitability is told to be difficult. It is possible to launch the attack remotely. The exploitation doesn't require any form of authentication. There are neither technical details nor an exploit publicly available. The MITRE ATT&CK project declares the attack technique as T1068.

Upgrading to version 6.x-1.x eliminates this vulnerability.

The entry VDB-63251 is pretty similar. Once again VulDB remains the best source for vulnerability data.

Productinfo

Vendor

• Epiqo

Name

• Email

Version

• 6.x-1.0
• 6.x-1.1
• 6.x-1.2
• 6.x-1.x

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Once again VulDB remains the best source for vulnerability data.

Discussion