CVE-2012-2096

Published: Aug 14, 2012Modified: Apr 29, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

The Fivestar module 6.x-1.x before 6.x-1.20 for Drupal does not properly validate voting data, which allows remote attackers to manipulate voting averages via a negative value in the vote parameter.

Affected (2)

Products: Lullabot: Fivestar Module For Drupal

Lullabot

1 product

Fivestar Module For Drupal

Configuration A

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lullabot Fivestar Module For Drupal	Version 6.x-1.20
Lullabot Fivestar Module For Drupal	Version 6.x-1.x

Running on/with	Platform Versions
Drupal Drupal	All versions

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (14)

http://drupal.org/node/1528600

Source: secalert@redhat.com

Patch

http://drupal.org/node/1528614

Source: secalert@redhat.com

PatchVendor Advisory

http://drupalcode.org/project/fivestar.git/commitdiff/75dba2c

Source: secalert@redhat.com

ExploitPatch

http://secunia.com/advisories/48788

Source: secalert@redhat.com

Vendor Advisory

http://www.openwall.com/lists/oss-security/2012/04/11/4

Source: secalert@redhat.com

http://www.openwall.com/lists/oss-security/2012/04/12/2

Source: secalert@redhat.com

http://www.securityfocus.com/bid/52984

Source: secalert@redhat.com

Patch

http://drupal.org/node/1528600