← back
CVE-2015-4375

CVE-2015-4375

EPSS 1.2%
The Chaos tool suite (ctools) module 7.x-1.x before 7.x-1.7 for Drupal allows remote attackers to obtain sensitive node titles via (1) an autocomplete search on custom entities without an access query tag or (2) leveraging knowledge of the ID of an entity.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.drupal.org/node/2454883https://www.drupal.org/node/2454909http://www.openwall.com/lists/oss-security/2015/03/22/35http://www.openwall.com/lists/oss-security/2015/04/25/6