← back
CVE-2012-1590

CVE-2012-1590

EPSS 1.4%
The forum list in Drupal 7.x before 7.14 does not properly check user permissions for unpublished forum posts, which allows remote authenticated users to obtain sensitive information such as the post title via the forum overview page.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://drupalcode.org/project/drupal.git/commit/352645e4a636cadeb5576231b3547972eebdd8e5http://drupal.org/drupal-7.14http://drupal.org/node/1302404http://drupal.org/node/1557938http://secunia.com/advisories/49012http://www.mandriva.com/security/advisories?name=MDVSA-2013:074http://www.securityfocus.com/bid/53359