Description

Drupal 7.x before 7.14 does not properly restrict access to nodes in a list when using a "contributed node access module," which allows remote authenticated users with the "Access the content overview page" permission to read all published nodes by accessing the admin/content page.

Remediation

References

CVE-2012-2153

Related Vulnerabilities

MySQL CVE-2020-14867 Vulnerability (CVE-2020-14867)

WordPress Plugin Add Link to Facebook Cross-Site Scripting (2.3)

WordPress Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2019-8943)

PHP Out-of-bounds Read Vulnerability (CVE-2016-9935)

WordPress Plugin Catchers Helpdesk and Ticket system for Support Cross-Site Scripting (1.0.3)

Severity

Medium

Classification

CVE-2012-2153 CWE-264

Tags

Missing Update Known Vulnerabilities