Description
The UC Profile module 6.x-1.x before 6.x-1.3 for Drupal does not properly check access to profiles in certain circumstances, which might allow remote attackers to obtain sensitive information from the anonymous user profile via unspecified vectors.
References (2)
Core 2
Core References
Patch, Vendor Advisory x_refsource_misc
https://www.drupal.org/node/2613444
Patch x_refsource_confirm
https://www.drupal.org/node/2612812
Scores
EPSS
0.0109
EPSS Percentile
61.3%
Details
CWE
CWE-200
Status
published
Products (2)
uc_profile_project/uc_profile
6.x-1.1 (4 CPE variants)
uc_profile_project/uc_profile
6.x-1.2
Published
Nov 17, 2015
Tracked Since
Feb 18, 2026