MidnightBSD

Advisories for shipwire_api_project

CVE-2015-5498 MEDIUM

The Shipwire API module 7.x-1.x before 7.x-1.03 for Drupal does not check the view permission for the shipments overview (admin/shipwire/shipments), which allows remote attackers to obtain sensitive information via a request to the page.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
shipwire_api_project shipwire_api 7.x-1.0
shipwire_api_project shipwire_api 7.x-1.01
shipwire_api_project shipwire_api 7.x-1.02