Description

The taxonomy module in Drupal 7.x before 7.52 and 8.x before 8.2.3 might allow remote authenticated users to obtain sensitive information about taxonomy terms by leveraging inconsistent naming of access query tags.

Remediation

References

CVE-2016-9449

Related Vulnerabilities

WordPress Plugin Infusionsoft Gravity Forms Add-on Arbitrary File Upload (1.5.10)

WordPress Plugin SocialGrid 'default_services' Parameter Cross-Site Scripting (2.3)

Drupal Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-6211)

WordPress Plugin WP Statistics Cross-Site Scripting (9.5.1)

WordPress Plugin Disable Comments Cross-Site Scripting (1.3)

Severity

Medium

Classification

CVE-2016-9449 CWE-200 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities