Vulnerability CVE-2007-3690


Published: 2007-07-11   Modified: 2012-02-12

Description:
The Forward module before 4.7-1.1 and 5.x before 5.x-1.0 for Drupal allows remote attackers to read restricted posts in (1) Organic Groups, (2) Taxonomy Access Control, (3) Taxonomy Access Lite, and other unspecified node access modules, via modified URL arguments.

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.8/10
6.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
None
None
Affected software
Drupal -> Forward module 

 References:
http://drupal.org/node/158025
http://drupal.org/node/158022
http://drupal.org/node/152806
http://www.vupen.com/english/advisories/2007/2469
http://osvdb.org/37896
http://xforce.iss.net/xforce/xfdb/35318
http://www.securityfocus.com/bid/24862
http://secunia.com/advisories/25999

Copyright 2024, cxsecurity.com

 

Back to Top