CVE-2012-2302
Drupal Site Documentation (Sitedoc) 6.x-1.x < 6.x-1.4 - Sensitive Information Exposure
Title source: llmDescription
Site Documentation (Sitedoc) module for Drupal 6.x-1.x before 6.x-1.4 does not properly check the save location when archiving, which allows remote attackers to obtain sensitive information via unspecified vectors.
References (6)
Core 6
Core References
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/05/03/2
Vendor Advisory x_refsource_misc
http://drupal.org/node/1547686
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/81555
Various Sources x_refsource_confirm
http://drupal.org/node/1546224
Exploit, Patch x_refsource_confirm
http://drupalcode.org/project/sitedoc.git/commitdiff/521721c
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/05/03/1
Scores
EPSS
0.0166
EPSS Percentile
73.9%
Details
CWE
CWE-200
Status
published
Products (5)
nancy_wichmann/sitedoc
6.x-1.0 (4 CPE variants)
nancy_wichmann/sitedoc
6.x-1.1
nancy_wichmann/sitedoc
6.x-1.2
nancy_wichmann/sitedoc
6.x-1.3
nancy_wichmann/sitedoc
6.x-1.x dev
Published
Jul 25, 2012
Tracked Since
Feb 18, 2026