RSS   Vulnerabilities for 'Spaces'   RSS

2014-05-17
 
CVE-2013-4498

CWE-264
 

 
The Spaces OG submodule in the Spaces module 6.x-3.x before 6.x-3.7 for Drupal does not properly delete organic group group spaces content when using the option to move to a new group, which causes the content to be "orphaned" and allows remote authenticated users with the "access content" permission to obtain sensitive information via vectors involving a rebuild access for the site or content.

 
2012-07-18
 
CVE-2012-2303

 

 
The Spaces module 6.x-3.x before 6.x-3.4 for Drupal does not enforce permissions on non-object pages, which allows remote attackers to obtain sensitive information and possibly have other impacts via unspecified vectors to the (1) Spaces or (2) Spaces OG module.

 


Copyright 2024, cxsecurity.com

 

Back to Top