CVE-2012-2302

Drupal Site Documentation (Sitedoc) 6.x-1.x < 6.x-1.4 - Sensitive Information Exposure

Title source: llm
STIX 2.1

Description

Site Documentation (Sitedoc) module for Drupal 6.x-1.x before 6.x-1.4 does not properly check the save location when archiving, which allows remote attackers to obtain sensitive information via unspecified vectors.

References (6)

Core 6
Core References
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/05/03/2
Vendor Advisory x_refsource_misc
http://drupal.org/node/1547686
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/81555
Various Sources x_refsource_confirm
http://drupal.org/node/1546224
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/05/03/1

Scores

EPSS 0.0166
EPSS Percentile 73.9%

Details

CWE
CWE-200
Status published
Products (5)
nancy_wichmann/sitedoc 6.x-1.0 (4 CPE variants)
nancy_wichmann/sitedoc 6.x-1.1
nancy_wichmann/sitedoc 6.x-1.2
nancy_wichmann/sitedoc 6.x-1.3
nancy_wichmann/sitedoc 6.x-1.x dev
Published Jul 25, 2012
Tracked Since Feb 18, 2026