Unrated severityNVD Advisory· Published Jul 16, 2013· Updated Apr 29, 2026

CVE-2013-1908

Description

The Commons Wikis module before 7.x-3.1 for Drupal, as used in the Commons module before 7.x-3.1, does not properly restrict access to groups, which allows remote attackers to post arbitrary content to groups via unspecified vectors.

Affected products

Acquia/Commons2 versions
cpe:2.3:a:acquia:commons:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:acquia:commons:*:*:*:*:*:*:*:*range: <=7.x-3.0
- cpe:2.3:a:acquia:commons:7.x-3.x:dev:*:*:*:*:*:*
Commons Wikis Project/Commons Wikis2 versions
cpe:2.3:a:commons_wikis_project:commons_wikis:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:commons_wikis_project:commons_wikis:*:*:*:*:*:*:*:*range: <=7.x-3.0
- cpe:2.3:a:commons_wikis_project:commons_wikis:7.x-3.x:dev:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

drupal.org/node/1954766nvdPatchVendor Advisory
drupal.org/node/1954768nvdPatch
drupal.org/node/1954948nvdPatch
secunia.com/advisories/52766nvdVendor Advisory
secunia.com/advisories/52795nvdVendor Advisory
osvdb.org/91747nvd
packetstormsecurity.com/files/120995/Drupal-Common-Wikis-7.x-Access-Bypass-Privilege-Escalation.htmlnvd
seclists.org/fulldisclosure/2013/Mar/244nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000