CVE-2012-1590
Drupal 7.x < 7.14 - Authenticated Information Disclosure via Forum Overview Page
The forum list in Drupal 7.x before 7.14 does not properly check user permissions for unpublished forum posts, which allows remote authenticated users to obtain sensitive information such as the post title via the forum overview page.
References (7)
http://www.securityfocus.com/bid/53359 (Third Party Advisory, VDB Entry; vdb-entry, x_refsource_bid)
http://drupal.org/drupal-7.14 (Vendor Advisory; x_refsource_confirm)
http://www.mandriva.com/security/advisories?name=MDVSA-2013:074 (Vendor Advisory; vendor-advisory, x_refsource_mandriva)
http://secunia.com/advisories/49012 (Third Party Advisory; third-party-advisory, x_refsource_secunia)
http://drupal.org/node/1557938 (Vendor Advisory; x_refsource_confirm)
http://drupal.org/node/1302404 (Patch; x_refsource_confirm)
http://drupalcode.org/project/drupal.git/commit/352645e4a636cadeb5576231b3547972eebdd8e5 (Exploit; x_refsource_confirm)
Scores
EPSS: 0.0028
EPSS Percentile: 51.5%
Details
CWE: CWE-264
Status: published
Products (15)
drupal/drupal 7.0 (16 CPE variants)
drupal/drupal 7.1
drupal/drupal 7.2
drupal/drupal 7.3
drupal/drupal 7.4
drupal/drupal 7.5
drupal/drupal 7.6
drupal/drupal 7.7
drupal/drupal 7.8
drupal/drupal 7.9
... and 5 more
Published: Oct 01, 2012
Tracked Since: Feb 18, 2026