CVE-2013-2629

idleman leed < 1.4 - Unauthenticated Authorization Bypass via action.php Actions

Title source: llm
STIX 2.1

Description

Leed (Light Feed), possibly before 1.5 Stable, allows remote attackers to bypass authorization via vectors related to the (1) importForm, (2) importFeed, (3) addFavorite, or (4) removeFavorite actions in action.php.

References (2)

Core 2
Core References
Mailing List mailing-list x_refsource_bugtraq
http://seclists.org/bugtraq/2013/Dec/107

Scores

EPSS 0.0139
EPSS Percentile 69.1%

Details

CWE
CWE-20
Status published
Products (1)
idleman/leed < 1.4
Published Dec 23, 2013
Tracked Since Feb 18, 2026