← volver
CVE-2012-2724

CVE-2012-2724

EPSS 2.5%
The Simplenews module 6.x-1.x before 6.x-1.4, 6.x-2.x before 6.x-2.0-alpha4, and 7.x-1.x before 7.x-1.0-rc1 for Drupal reveals the email addresses of new mailing list subscribers when confirmation is required, which allows remote attackers to obtain sensitive information via the confirmation page.
Productos afectados
Simplenews · Simplenews

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
http://drupalcode.org/project/simplenews.git/commitdiff/36352c1http://drupalcode.org/project/simplenews.git/commitdiff/6d5704chttp://drupalcode.org/project/simplenews.git/commitdiff/faec6a6http://drupal.org/node/1619812http://drupal.org/node/1619818http://drupal.org/node/1619820http://drupal.org/node/1619848https://exchange.xforce.ibmcloud.com/vulnerabilities/76143http://www.openwall.com/lists/oss-security/2012/06/14/3http://www.securityfocus.com/bid/53839