WEB APPLICATION VULNERABILITIES Standard & Premium

Drupal Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-2153)

Description

Drupal 7.x before 7.14 does not properly restrict access to nodes in a list when using a "contributed node access module," which allows remote authenticated users with the "Access the content overview page" permission to read all published nodes by accessing the admin/content page.

Remediation

References

Related Vulnerabilities

Joomla Deserialization of Untrusted Data Vulnerability (CVE-2019-7743)

WordPress Plugin Popup by Supsystic Cross-Site Scripting (1.10.4)

WordPress Plugin SecuPress Pro Security Bypass (1.4.12)

PHP Resource Management Errors Vulnerability (CVE-2014-2497)

WordPress Plugin Product Catalog Multiple SQL Injection Vulnerabilities (2.1)

Severity

Medium

Classification

CVE-2012-2153 CWE-264

Tags

Missing Update Known Vulnerabilities