The Fast Permissions Administration module 6.x-2.x before 6.x-2.5 and 7.x-2.x before 7.x-2.3 for Drupal does not properly restrict access to the modal content callback, which allows remote attackers to obtain unspecified access to the permissions edit form.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fast_permissions_administration_project | fast_permission_administration | 6.x-2.3 |
| fast_permissions_administration_project | fast_permission_administration | 7.x-2.0 |
| fast_permissions_administration_project | fast_permission_administration | 6.x-2.0 |
| fast_permissions_administration_project | fast_permission_administration | 7.x-2.1 |
| fast_permissions_administration_project | fast_permission_administration | 6.x-2.x |
| fast_permissions_administration_project | fast_permission_administration | 6.x-2.1 |
| fast_permissions_administration_project | fast_permission_administration | 7.x-2.x |
| fast_permissions_administration_project | fast_permission_administration | 6.x-2.2 |
| fast_permissions_administration_project | fast_permission_administration | 7.x-2.2 |
| fast_permissions_administration_project | fast_permission_administration | 6.x-2.4 |