Описание
The Administration Views module 7.x-1.x before 7.x-1.5 for Drupal checks access permissions based on the router path from the view instead of the display property, which allows remote attackers to obtain sensitive information via vectors related to the access handler.
Ссылки
- Patch
- PatchVendor Advisory
- Patch
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:administration_views_project:administration_views:7.x-1.0:*:*:*:*:drupal:*:*
cpe:2.3:a:administration_views_project:administration_views:7.x-1.0:rc1:*:*:*:drupal:*:*
cpe:2.3:a:administration_views_project:administration_views:7.x-1.1:*:*:*:*:drupal:*:*
cpe:2.3:a:administration_views_project:administration_views:7.x-1.2:*:*:*:*:drupal:*:*
cpe:2.3:a:administration_views_project:administration_views:7.x-1.3:*:*:*:*:drupal:*:*
cpe:2.3:a:administration_views_project:administration_views:7.x-1.4:*:*:*:*:drupal:*:*
cpe:2.3:a:administration_views_project:administration_views:7.x-1.x:dev:*:*:*:drupal:*:*
EPSS
Процентиль: 52%
0.00294
Низкий
5 Medium
CVSS2
Дефекты
CWE-200
Связанные уязвимости
github
больше 3 лет назад
The Administration Views module 7.x-1.x before 7.x-1.5 for Drupal checks access permissions based on the router path from the view instead of the display property, which allows remote attackers to obtain sensitive information via vectors related to the access handler.
EPSS
Процентиль: 52%
0.00294
Низкий
5 Medium
CVSS2
Дефекты
CWE-200