Description

The forum list in Drupal 7.x before 7.14 does not properly check user permissions for unpublished forum posts, which allows remote authenticated users to obtain sensitive information such as the post title via the forum overview page.

Remediation

References

CVE-2012-1590

Related Vulnerabilities

Moodle Improper Following of Specification by Caller Vulnerability (CVE-2019-14829)

Joomla Improper Input Validation Vulnerability (CVE-2020-11890)

Atlassian Jira Incorrect Authorization Vulnerability (CVE-2019-3401)

Rukovoditel Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-13589)

Python Improper Input Validation Vulnerability (CVE-2018-20852)

Severity

Medium

Classification

CVE-2012-1590 CWE-264

Tags

Missing Update Known Vulnerabilities