Description

The Taxonomy module in Drupal 7.x before 7.26, when upgraded from an earlier version of Drupal, does not properly restrict access to unpublished content, which allows remote authenticated users to obtain sensitive information via a listing page.

Remediation

References

CVE-2014-1476

Related Vulnerabilities

osCommerce Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2018-18572)

OpenSSL Improper Input Validation Vulnerability (CVE-2010-0433)

WordPress Plugin Ultimate Member-User Profile, Registration, Login, Member Directory, Content Restriction & Membership Cross-Site Scripting (2.0.10)

WordPress 5.8.x Directory Traversal (5.8 - 5.8.9)

WordPress Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-6635)

Severity

Medium

Classification

CVE-2014-1476 CWE-264

Tags

Missing Update Known Vulnerabilities