CVE-2013-2629
idleman leed < 1.4 - Unauthenticated Authorization Bypass via action.php Actions
Title source: llmDescription
Leed (Light Feed), possibly before 1.5 Stable, allows remote attackers to bypass authorization via vectors related to the (1) importForm, (2) importFeed, (3) addFavorite, or (4) removeFavorite actions in action.php.
References (2)
Core 2
Core References
Mailing List mailing-list
x_refsource_bugtraq
http://seclists.org/bugtraq/2013/Dec/107
Various Sources x_refsource_misc
http://www.csnc.ch/misc/files/advisories/CSNC-2013-005-006-007_Leed_Multiple_vulns.txt
Scores
EPSS
0.0139
EPSS Percentile
69.1%
Details
CWE
CWE-20
Status
published
Products (1)
idleman/leed
< 1.4
Published
Dec 23, 2013
Tracked Since
Feb 18, 2026