5

CVE-2012-4488

The Location module 6.x before 6.x-3.2 and 7.x before 7.x-3.0-alpha1 for Drupal does not properly check user or node access permissions, which allows remote attackers to read node or user results via the location search page.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Location Module ProjectLocation Version6.x-3.0
   DrupalDrupal Version-
Location Module ProjectLocation Version6.x-3.0 Updaterc1
   DrupalDrupal Version-
Location Module ProjectLocation Version6.x-3.0 Updaterc2
   DrupalDrupal Version-
Location Module ProjectLocation Version6.x-3.0 Updatetest3
   DrupalDrupal Version-
Location Module ProjectLocation Version6.x-3.1
   DrupalDrupal Version-
Location Module ProjectLocation Version6.x-3.1 Updaterc1
   DrupalDrupal Version-
Location Module ProjectLocation Version6.x-3.x Updatedev
   DrupalDrupal Version-
Location Module ProjectLocation Version7.x-1.0 Updatebeta1
   DrupalDrupal Version-
Location Module ProjectLocation Version7.x-3.x Updatedev
   DrupalDrupal Version-
Location Module ProjectLocation Version7.x-4.x Updatedev
   DrupalDrupal Version-
Location Module ProjectLocation Version7.x-5.x Updatedev
   DrupalDrupal Version-
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.37% 0.683
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www.openwall.com/lists/oss-security/2012/10/04/6
http://www.openwall.com/lists/oss-security/2012/10/07/1
http://drupal.org/node/1699962
Patch
http://drupal.org/node/1699984
Patch
http://drupal.org/node/1700588
Vendor Advisory