Description
The printer friendly version functionality in the Book module in Drupal 6.x before 6.28 and 7.x before 7.19 does not properly restrict access to node that are part of a book outline, which allows remote authenticated users with the "access printer-friendly version" permission to read node titles and possibly node content via unspecified vectors.
Remediation
References
Related Vulnerabilities
WordPress Plugin MStore API-Create Native Android & iOS Apps On The Cloud Security Bypass (4.14.7)
WordPress Plugin Nifty Newsletters (Formerly Sola Newsletters) Cross-Site Request Forgery (4.0.23)
WordPress Plugin Analytics Cross-Site Scripting (1.2.3)
WordPress Plugin Freetobook review widget Unspecified Vulnerability (1.0)
Jboss EAP XML Injection (aka Blind XPath Injection) Vulnerability (CVE-2018-1000632)