Description

The taxonomy module in Drupal 7.x before 7.52 and 8.x before 8.2.3 might allow remote authenticated users to obtain sensitive information about taxonomy terms by leveraging inconsistent naming of access query tags.

Remediation

References

CVE-2016-9449

Related Vulnerabilities

MediaWiki Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2021-41799)

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-1829)

WordPress Plugin LionScripts:IP Blocker Lite Cross-Site Request Forgery (10.3)

WordPress Plugin Embed Articles Multiple Vulnerabilities (7.0.3)

Apache HTTP Server Other Vulnerability (CVE-2006-4110)

Severity

Medium

Classification

CVE-2016-9449 CWE-200 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities