Description
Microsoft SharePoint Server 2013, in certain configurations involving legacy My Sites, does not properly establish default access controls for a SharePoint list, which allows remote authenticated users to bypass intended restrictions on reading list items via a direct request for a list's location, aka "Incorrect Access Rights Information Disclosure Vulnerability."
Remediation
References
Related Vulnerabilities
WordPress Plugin JS MultiHotel Cross-Site Scripting (2.2.1)
Oracle Database Server CVE-2011-0832 Vulnerability (CVE-2011-0832)
Moodle Other Vulnerability (CVE-2006-4786)
PHP Resource Management Errors Vulnerability (CVE-2006-1549)
Chamilo Server-Side Request Forgery (SSRF) Vulnerability (CVE-2023-34959)