Description
The forum list in Drupal 7.x before 7.14 does not properly check user permissions for unpublished forum posts, which allows remote authenticated users to obtain sensitive information such as the post title via the forum overview page.
Remediation
References
Related Vulnerabilities
MySQL CVE-2020-14672 Vulnerability (CVE-2020-14672)
WordPress Plugin Mail Queue Cross-Site Scripting (1.1)
WordPress Plugin WooCommerce Customers Manager Multiple Vulnerabilities (26.5)
WordPress Plugin CiviCRM Remote Code Execution (5.24.2)
WordPress Plugin MapPress Maps for WordPress Cross-Site Request Forgery (2.53.8)