Unrated severityNVD Advisory· Published Jul 16, 2013· Updated Apr 29, 2026

CVE-2013-1907

Description

The Commons Group module before 7.x-3.1 for Drupal, as used in the Commons module before 7.x-3.1, does not properly restrict access to groups, which allows remote attackers to post arbitrary content to groups via unspecified vectors.

Affected products

Acquia/Commons3 versions
cpe:2.3:a:acquia:commons:*:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:acquia:commons:*:*:*:*:*:*:*:*range: <=7.x-3.0
- cpe:2.3:a:acquia:commons:7.x-3.x:dev:*:*:*:*:*:*
- cpe:2.3:a:acquia:commons:_group7.x-3.x:dev:*:*:*:*:*:*
Acquia/Commons Group
cpe:2.3:a:acquia:commons_group:*:*:*:*:*:*:*:*
Range: <=7.x-3.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/52769nvdVendor Advisory
secunia.com/advisories/52795nvdVendor Advisory
drupal.org/node/1954948nvdVendor Advisory
osvdb.org/91748nvd
packetstormsecurity.com/files/120991/Drupal-Common-Groups-7.x-Access-Bypass-Privilege-Escalation.htmlnvd
seclists.org/fulldisclosure/2013/Mar/242nvd
drupal.org/node/1954762nvd
drupal.org/node/1954764nvd
exchange.xforce.ibmcloud.com/vulnerabilities/83133nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000