Description

The forum list in Drupal 7.x before 7.14 does not properly check user permissions for unpublished forum posts, which allows remote authenticated users to obtain sensitive information such as the post title via the forum overview page.

Remediation

References

CVE-2012-1590

Related Vulnerabilities

Jenkins Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-1000356)

Microsoft SQL Server Permissions, Privileges, and Access Controls Vulnerability (CVE-2003-0230)

WordPress Plugin Alpine PhotoTile for Instagram Cross-Site Scripting (1.2.6.5)

WordPress Plugin GN Publisher: Google News Compatible RSS Feeds Cross-Site Scripting (1.5.5)

WordPress Plugin Image Hover Effects Ultimate (Image Gallery, Effects, Lightbox, Comparison or Magnifier) Cross-Site Scripting (9.8.4)

Severity

Medium

Classification

CVE-2012-1590 CWE-264

Tags

Missing Update Known Vulnerabilities