Unrated severityNVD Advisory· Published Aug 28, 2012· Updated Apr 29, 2026

CVE-2012-1650

Description

The ZipCart module 6.x before 6.x-1.4 for Drupal checks the "access content" permission instead of the "access ZipCart downloads" permission when building archives, which allows remote authenticated users with access content permission to bypass intended access restrictions.

Affected products

Giantrobot/Zipcart3 versions
cpe:2.3:a:giantrobot:zipcart:6.x-1.2:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:giantrobot:zipcart:6.x-1.2:*:*:*:*:*:*:*
- cpe:2.3:a:giantrobot:zipcart:6.x-1.3:*:*:*:*:*:*:*
- cpe:2.3:a:giantrobot:zipcart:6.x-1.x:dev:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

drupalcode.org/project/zipcart.git/commitdiff/fe143c2nvdPatch
drupal.org/node/1460892nvdPatch
drupal.org/node/1461446nvdPatchVendor Advisory
www.openwall.com/lists/oss-security/2012/04/07/1nvd
www.osvdb.org/79766nvd
www.securityfocus.com/bid/52231nvd
exchange.xforce.ibmcloud.com/vulnerabilities/73609nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000