The Fivestar module 6.x-1.x before 6.x-1.20 for Drupal does not properly validate voting data, which allows remote attackers to manipulate voting averages via a negative value in the vote parameter.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/52984 | Patch |
http://www.openwall.com/lists/oss-security/2012/04/11/4 | |
http://www.openwall.com/lists/oss-security/2012/04/12/2 | |
http://drupalcode.org/project/fivestar.git/commitdiff/75dba2c | Exploit Patch |
http://secunia.com/advisories/48788 | Vendor Advisory |
http://drupal.org/node/1528614 | Patch Vendor Advisory |
http://drupal.org/node/1528600 | Patch |
Configurations
Configuration 1 (hide)
AND |
|
Information
Published : 2012-08-14 14:55
Updated : 2012-08-14 21:00
NVD link : CVE-2012-2096
Mitre link : CVE-2012-2096
JSON object : View
CWE
CWE-20
Improper Input Validation
Products Affected
drupal
- drupal
lullabot
- fivestar_module_for_drupal