CVE-2013-0318

critical

Published 2013-03-27 · Modified 2026-04-29

CVSS v3

—

CVSS v2

10.0

VIR risk

10.0

Description

The admin page in the Banckle Chat module for Drupal does not properly restrict access, which allows remote attackers to bypass intended restrictions via unspecified vectors.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — http://drupal.org/node/1916370

Application impact

Vendor	Product	Versions	Fixed
banckle_chat_project	banckle_chat	`-`
drupal	drupal	`-`

References

http://drupal.org/node/1916370
http://www.openwall.com/lists/oss-security/2013/02/21/5
http://drupal.org/node/1916370
http://www.openwall.com/lists/oss-security/2013/02/21/5

CWEs

CWE-264

Verify integrity in audit chain (admin only). AS-IS.