Description
The _views_fetch_data method in includes/cache.inc in the Views module 7.x-3.5 through 7.x-3.10 for Drupal does not rebuild the full cache if the static cache is not empty, which allows remote attackers to bypass intended filters and obtain access to hidden content via unspecified vectors.
References (6)
Core 6
Core References
Patch, Vendor Advisory x_refsource_misc
https://www.drupal.org/node/2480327
Patch x_refsource_confirm
https://www.drupal.org/node/2480259
Exploit x_refsource_misc
https://www.drupal.org/node/2475669
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/74462
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2015/07/04/4
Patch x_refsource_confirm
http://cgit.drupalcode.org/views/commit/?id=cef693b
Scores
EPSS
0.0261
EPSS Percentile
83.5%
Details
CWE
CWE-200
Status
published
Products (5)
views_project/views
7.x-3.5
views_project/views
7.x-3.6
views_project/views
7.x-3.7
views_project/views
7.x-3.8
views_project/views
7.x-3.10
Published
Aug 18, 2015
Tracked Since
Feb 18, 2026