Description
The Taxonomy module in Drupal 7.x before 7.26, when upgraded from an earlier version of Drupal, does not properly restrict access to unpublished content, which allows remote authenticated users to obtain sensitive information via a listing page.
Remediation
References
Related Vulnerabilities
WordPress Plugin U Extended Comment 'fileurl' Parameter Arbitrary File Download (1.0.1)
PHP Other Vulnerability (CVE-2007-1582)
WordPress Plugin All In One Schema.org Rich Snippets Cross-Site Scripting (1.4.4)
PHP Out-of-bounds Write Vulnerability (CVE-2017-9228)
WordPress Plugin WP-Lister Lite for Amazon Cross-Site Scripting (2.4.3)