← voltar
CVE-2012-2724

CVE-2012-2724

EPSS 2.5%
The Simplenews module 6.x-1.x before 6.x-1.4, 6.x-2.x before 6.x-2.0-alpha4, and 7.x-1.x before 7.x-1.0-rc1 for Drupal reveals the email addresses of new mailing list subscribers when confirmation is required, which allows remote attackers to obtain sensitive information via the confirmation page.
Produtos afetados
Simplenews · Simplenews

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
http://drupalcode.org/project/simplenews.git/commitdiff/36352c1http://drupalcode.org/project/simplenews.git/commitdiff/6d5704chttp://drupalcode.org/project/simplenews.git/commitdiff/faec6a6http://drupal.org/node/1619812http://drupal.org/node/1619818http://drupal.org/node/1619820http://drupal.org/node/1619848https://exchange.xforce.ibmcloud.com/vulnerabilities/76143http://www.openwall.com/lists/oss-security/2012/06/14/3http://www.securityfocus.com/bid/53839