Description

The taxonomy module in Drupal 7.x before 7.52 and 8.x before 8.2.3 might allow remote authenticated users to obtain sensitive information about taxonomy terms by leveraging inconsistent naming of access query tags.

Remediation

References

CVE-2016-9449

Related Vulnerabilities

MySQL CVE-2015-0500 Vulnerability (CVE-2015-0500)

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-2080)

MySQL CVE-2022-21290 Vulnerability (CVE-2022-21290)

MySQL CVE-2015-4737 Vulnerability (CVE-2015-4737)

WordPress Plugin ProfileGrid-User Profiles, Groups and Communities Cross-Site Scripting (2.6.6)

Severity

Medium

Classification

CVE-2016-9449 CWE-200 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities