Описание
The forum list in Drupal 7.x before 7.14 does not properly check user permissions for unpublished forum posts, which allows remote authenticated users to obtain sensitive information such as the post title via the forum overview page.
The forum list in Drupal 7.x before 7.14 does not properly check user permissions for unpublished forum posts, which allows remote authenticated users to obtain sensitive information such as the post title via the forum overview page.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2012-1590
- http://drupal.org/drupal-7.14
- http://drupal.org/node/1302404
- http://drupal.org/node/1557938
- http://drupalcode.org/project/drupal.git/commit/352645e4a636cadeb5576231b3547972eebdd8e5
- http://secunia.com/advisories/49012
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:074
- http://www.securityfocus.com/bid/53359
EPSS
CVE ID
Связанные уязвимости
The forum list in Drupal 7.x before 7.14 does not properly check user permissions for unpublished forum posts, which allows remote authenticated users to obtain sensitive information such as the post title via the forum overview page.
The forum list in Drupal 7.x before 7.14 does not properly check user permissions for unpublished forum posts, which allows remote authenticated users to obtain sensitive information such as the post title via the forum overview page.
The forum list in Drupal 7.x before 7.14 does not properly check user ...
EPSS