Описание
The UC Profile module 6.x-1.x before 6.x-1.3 for Drupal does not properly check access to profiles in certain circumstances, which might allow remote attackers to obtain sensitive information from the anonymous user profile via unspecified vectors.
Ссылки
- Patch
- PatchVendor Advisory
- Patch
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:uc_profile_project:uc_profile:6.x-1.1:*:*:*:*:drupal:*:*
cpe:2.3:a:uc_profile_project:uc_profile:6.x-1.1:rc1:*:*:*:drupal:*:*
cpe:2.3:a:uc_profile_project:uc_profile:6.x-1.1:rc2:*:*:*:drupal:*:*
cpe:2.3:a:uc_profile_project:uc_profile:6.x-1.1:rc3:*:*:*:drupal:*:*
cpe:2.3:a:uc_profile_project:uc_profile:6.x-1.2:*:*:*:*:drupal:*:*
EPSS
Процентиль: 48%
0.0025
Низкий
4.3 Medium
CVSS2
Дефекты
CWE-200
Связанные уязвимости
github
больше 3 лет назад
The UC Profile module 6.x-1.x before 6.x-1.3 for Drupal does not properly check access to profiles in certain circumstances, which might allow remote attackers to obtain sensitive information from the anonymous user profile via unspecified vectors.
EPSS
Процентиль: 48%
0.0025
Низкий
4.3 Medium
CVSS2
Дефекты
CWE-200