WEB APPLICATION VULNERABILITIES Standard & Premium

Drupal Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-0245)

Description

The printer friendly version functionality in the Book module in Drupal 6.x before 6.28 and 7.x before 7.19 does not properly restrict access to node that are part of a book outline, which allows remote authenticated users with the "access printer-friendly version" permission to read node titles and possibly node content via unspecified vectors.

Remediation

References

Related Vulnerabilities

WordPress 2.8.3 Admin Password Reset Security Bypass Vulnerability (0.6.2 - 2.8.3)

MySQL Out-of-bounds Write Vulnerability (CVE-2020-15358)

WordPress Plugin WP to Twitter Cross-Site Scripting (3.0.5)

Moodle Resource Management Errors Vulnerability (CVE-2014-7847)

MySQL CVE-2017-3455 Vulnerability (CVE-2017-3455)

Severity

Low

Classification

CVE-2013-0245 CWE-264

Tags

Missing Update Known Vulnerabilities