CVE-2013-2247

high
Published 2013-08-28 · Modified 2026-04-29
CVSS v3
CVSS v2
7.5
VIR risk
7.5

Description

The Fast Permissions Administration module 6.x-2.x before 6.x-2.5 and 7.x-2.x before 7.x-2.3 for Drupal does not properly restrict access to the modal content callback, which allows remote attackers to obtain unspecified access to the permissions edit form.

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — https://drupal.org/node/2028813

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — https://drupal.org/node/2028421

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — https://drupal.org/node/2028417

Application impact

| Vendor | Product | Versions | Fixed |
| --- | --- | --- | --- |
| fast_permissions_administration_project | fast_permission_administration | 6.x-2.0 | |
| fast_permissions_administration_project | fast_permission_administration | 6.x-2.1 | |
| fast_permissions_administration_project | fast_permission_administration | 6.x-2.2 | |
| fast_permissions_administration_project | fast_permission_administration | 6.x-2.3 | |
| fast_permissions_administration_project | fast_permission_administration | 6.x-2.4 | |
| fast_permissions_administration_project | fast_permission_administration | 6.x-2.x | |
| fast_permissions_administration_project | fast_permission_administration | 7.x-2.0 | |
| fast_permissions_administration_project | fast_permission_administration | 7.x-2.1 | |
| fast_permissions_administration_project | fast_permission_administration | 7.x-2.2 | |
| fast_permissions_administration_project | fast_permission_administration | 7.x-2.x | |
drupal drupaldrupal-

References

CWEs

CWE-264
