← back
CVE-2012-1056

CVE-2012-1056

EPSS 1.5%
The Forward module 6.x-1.x before 6.x-1.21 and 7.x-1.x before 7.x-1.3 for Drupal does not properly enforce permissions for (1) Recent forwards, (2) Most forwarded, or (3) Dynamic blocks, which allows remote attackers to obtain node titles via unspecified vectors.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://drupal.org/node/1423722http://drupal.org/node/1425150http://osvdb.org/78817http://secunia.com/advisories/47851https://exchange.xforce.ibmcloud.com/vulnerabilities/72920http://www.securityfocus.com/bid/51826