WEB APPLICATION VULNERABILITIES Standard & Premium

Drupal Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-2153)

Description

Drupal 7.x before 7.14 does not properly restrict access to nodes in a list when using a "contributed node access module," which allows remote authenticated users with the "Access the content overview page" permission to read all published nodes by accessing the admin/content page.

Remediation

References

Related Vulnerabilities

WordPress Plugin AWSM Team-Team Showcase Local File Inclusion (1.3.1)

Joomla Incorrect Authorization Vulnerability (CVE-2020-11891)

Sqlite CVE-2021-20223 Vulnerability (CVE-2021-20223)

MySQL CVE-2012-0485 Vulnerability (CVE-2012-0485)

Artifactory Improper Input Validation Vulnerability (CVE-2019-19937)

Severity

Medium

Classification

CVE-2012-2153 CWE-264

Tags

Missing Update Known Vulnerabilities