Description

Drupal 6.x before 6.27 and 7.x before 7.18 displays information for blocked users, which might allow remote attackers to obtain sensitive information by reading the search results.

Remediation

References

CVE-2012-5651

Related Vulnerabilities

Jenkins Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-43495)

WordPress 4.1.x Multiple Vulnerabilities (4.1 - 4.1.20)

osTicket Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2017-14396)

WordPress Plugin Instagram Plugin-InstaLinker Cross-Site Scripting (1.1.1)

Apache HTTP Server Resource Management Errors Vulnerability (CVE-2016-8740)

Severity

Medium

Classification

CVE-2012-5651 CWE-264

Tags

Missing Update Known Vulnerabilities