CVE-2012-1635 in revisioninginfo

Summary

The hook_node_access function in the revisioning module 7.x-1.x before 7.x-1.3 for Drupal checks the permissions of the current user even when it is called to check permissions of other users, which allows remote attackers to bypass intended access restrictions, as demonstrated when using the XML sitemap module to obtain sensitive information about unpublished content.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Reservation

03/12/2012

Disclosure

08/28/2012

Moderation

VulDB entry created

Entries

VDB-61920 (1)

CPE

ready

CWE

CWE-264 (Confirmed)

CVSS

6.5

EPSS

0.00152

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2012-1635
NVD	https://nvd.nist.gov/vuln/detail/CVE-2012-1635
CVE Details	https://www.cvedetails.com/cve/CVE-2012-1635/

◂ Previous Overview Next ▸

Interested in the pricing of exploits?

See the underground prices here!