HIGH🇵🇱 Wersja polska

CVE-2024-13255

CVSS 7.5v3.1pub. 2025-01-09upd. 2025-06-04

Exposure of Sensitive Information Through Data Queries vulnerability in Drupal RESTful Web Services allows Forceful Browsing.This issue affects RESTful Web Services: from 7.X-2.0 before 7.X-2.10.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • Restful Web Services Project Restful Web Services

    APP
    Restful Web Services Project
    7.x-2.0 – 7.x-2.10 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2013-4225HIGH8.8ten sam produkt

The RESTful Web Services (restws) module 7.x-1.x before 7.x-1.4 and 7.x-2.x before 7.x-2.1 for Drupal does not...

CVE-2015-4345MEDIUM5.0ten sam produkt

The RESTWS Basic Auth submodule in the RESTful Web Services module 7.x-1.x before 7.x-1.5 and 7.x-2.x before 7...

CVE-2013-1946MEDIUM4.3ten sam produkt

The RESTful Web Services (RESTWS) module 7.x-1.x before 7.x-1.3 and 7.x-2.x before 7.x-2.0-alpha5 for Drupal, ...

CVE-2013-0205MEDIUM6.8ten sam produkt

Cross-site request forgery (CSRF) vulnerability in the RESTful Web Services (restws) module 7.x-1.x before 7.x...

CVE-2012-5556MEDIUM6.8ten sam produkt

Multiple cross-site request forgery (CSRF) vulnerabilities in the RESTful Web Services (RESTWS) module 7.x-1.x...