Description
Drupal 6.x before 6.27 and 7.x before 7.18 displays information for blocked users, which might allow remote attackers to obtain sensitive information by reading the search results.
References (9)
Core References
Patch x_refsource_confirm
http://drupalcode.org/project/drupal.git/commitdiff/da8023a
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2013:074
Patch, Vendor Advisory x_refsource_confirm
http://drupal.org/SA-CORE-2012-004
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/56993
Patch x_refsource_confirm
http://drupalcode.org/project/drupal.git/commitdiff/b47f95d
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/88528
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2013/dsa-2776
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/80792
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/12/20/1
Scores
EPSS
0.0069
EPSS Percentile
72.0%
Details
CWE
CWE-264
Status
published
Products (28)
drupal/drupal
6.0 (10 CPE variants)
drupal/drupal
6.1
drupal/drupal
6.2
drupal/drupal
6.3
drupal/drupal
6.4
drupal/drupal
6.5
drupal/drupal
6.6
drupal/drupal
6.7
drupal/drupal
6.8
drupal/drupal
6.9
... and 18 more
Published
Jan 03, 2013
Tracked Since
Feb 18, 2026