WEB APPLICATION VULNERABILITIES Standard & Premium

Drupal Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-2983)

Description

Drupal 6.x before 6.31 and 7.x before 7.27 does not properly isolate the cached data of different anonymous users, which allows remote anonymous users to obtain sensitive interim form input information in opportunistic situations via unspecified vectors.

Remediation

References

Related Vulnerabilities

Jetty Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2009-5045)

WordPress Plugin WP Product Review Lite Unspecified Vulnerability (3.7.6)

PostgreSQL Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-10208)

WordPress Plugin RSVPMaker SQL Injection (9.2.5)

WordPress Plugin WordPress Shortcodes-Shortcodes Ultimate Unspecified Vulnerability (4.10.2)

Severity

Medium

Classification

CVE-2014-2983 CWE-200

Tags

Missing Update Known Vulnerabilities