MoneySuite - Moderately critical - Access bypass - SA-CONTRIB-2017-085

Project: MoneySuite
Version: 7.x-10.x-dev
Date: 2017-November-29
Security risk: *Moderately critical* 14∕25
Vulnerability: Access bypass

Description

MoneySuite provides a set of modules for Drupal sites that rely on the sale of memberships and/or content for revenue.

The modules have an access bypass vulnerability which allows untrusted users (including anonymous users) to view payments made by users within the system. No data can be modified, nor are any credit card numbers displayed.

Solution

Install the latest version: If you use the MoneySuite module for Drupal 7.x, upgrade to MoneySuite 7.x-10.4

Add new comment