← Back

CVE-2012-4487

nvd nist
Published: Nov 2, 2012Modified: Apr 29, 2026

JSON object

Loading...
4.0
Vector
AV:N/AC:L/Au:S/C:N/I:P/A:N
Exploitability: 8.0 / Impact: 2.9
Source: NVD

Description

The Subuser module before 6.x-1.8 for Drupal does not properly check "switch subuser" permissions, which allows remote authenticated parent users to change their role by switching to a subuser they created.

Affected (9)

Products: Boombatower: Subuser
Boombatower
1 product
Subuser
Configuration A
9 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Boombatower
Subuser
Up to 6.x-1.7
Subuser
Version 6.x-1.0
Subuser
Version 6.x-1.1
Subuser
Version 6.x-1.2
Subuser
Version 6.x-1.3
Subuser
Version 6.x-1.4
Subuser
Version 6.x-1.5
Subuser
Version 6.x-1.6
Subuser
Version 6.x-1.x dev
Running on/withPlatform Versions
Drupal
Drupal
All versions

Related CWEs

CWE-264
CWE-264

References (8)

Source: secalert@redhat.com
Patch
Source: secalert@redhat.com
PatchVendor Advisory
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.