Description

Drupal 6.x before 6.27 and 7.x before 7.18 displays information for blocked users, which might allow remote attackers to obtain sensitive information by reading the search results.

Remediation

References

CVE-2012-5651

Related Vulnerabilities

WordPress Plugin Wp-FileManager 'ajaxfilemanager.php' Arbitrary File Upload (1.2)

Moodle Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2021-36400)

WordPress Direct Request ('Forced Browsing') Vulnerability (CVE-2005-1688)

Oracle Application Server CVE-2009-1999 Vulnerability (CVE-2009-1999)

Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-62237)

Severity

Medium

Classification

CVE-2012-5651 CWE-264

Tags

Missing Update Known Vulnerabilities