CVE-2015-5491

Drupal Dynamic Display Block <7.x-1.1 - Auth Bypass

Title source: llm
STIX 2.1

Description

The Dynamic display block module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users to bypass intended access restrictions and read sensitive titles by leveraging the "administer ddblock" permission.

References (3)

Core 3
Core References
Patch, Vendor Advisory x_refsource_misc
https://www.drupal.org/node/2484157
Patch x_refsource_confirm
https://www.drupal.org/node/2504965
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2015/07/04/4

Scores

EPSS 0.0101
EPSS Percentile 59.0%

Details

CWE
CWE-200
Status published
Products (2)
dynamic_display_block_project/dynamic_display_block 7.x-1.0 beta1 (2 CPE variants)
dynamic_display_block_project/dynamic_display_block 7.x-1.x dev
Published Aug 18, 2015
Tracked Since Feb 18, 2026