CVE-2013-2122 Information

Description

The Edit Limit module 7.x-1.x before 7.x-1.3 for Drupal does not properly restrict access to comments which allows remote authenticated users with the \edit comments\ permission to edit arbitrary comments of other users via unspecified vectors.

Reference

http://osvdb.org/93725 http://seclists.org/fulldisclosure/2013/May/208 http://secunia.com/advisories/53556 http://www.openwall.com/lists/oss-security/2013/05/29/9 http://www.securityfocus.com/bid/60209 https://drupal.org/node/2006188 https://drupal.org/node/2007048 https://exchange.xforce.ibmcloud.com/vulnerabilities/84630