CVE-2013-4230 Information

Description

The mm_webform submodule in the Monster Menus module 6.x-6.x before 6.x-6.61 and 7.x-1.x before 7.x-1.13 for Drupal does not properly restrict access to webform submissions which allows remote authenticated users with the \Who can read data submitted to this webform\ permission to delete arbitrary submissions via unspecified vectors.

Reference

http://secunia.com/advisories/54391 http://www.openwall.com/lists/oss-security/2013/08/10/1 http://www.securityfocus.com/bid/61711 https://drupal.org/node/2059805 https://drupal.org/node/2059807 https://drupal.org/node/2059823 https://exchange.xforce.ibmcloud.com/vulnerabilities/86326