PT-2013-4930 · Drupal · Botcha Spam Prevention
Publicado
2013-08-28
·
Atualizado
2013-09-05
·
CVE-2013-4272
CVSS v2.0
4.3
Média
| Vetor | AV:N/AC:M/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
BOTCHA Spam Prevention module versions 7.x-1.x through 7.x-1.5
BOTCHA Spam Prevention module versions 7.x-2.x through 7.x-2.0
BOTCHA Spam Prevention module versions 7.x-3.x through 7.x-3.2
Description
The issue allows context-dependent users to obtain sensitive information, such as usernames and passwords, by reading the log file when the debugging level is set to 5 or 6. This occurs because the module logs the content of submitted forms.
Recommendations
For BOTCHA Spam Prevention module versions 7.x-1.x through 7.x-1.5, update to version 7.x-1.6 or later.
For BOTCHA Spam Prevention module versions 7.x-2.x through 7.x-2.0, update to version 7.x-2.1 or later.
For BOTCHA Spam Prevention module versions 7.x-3.x through 7.x-3.2, update to version 7.x-3.3 or later.
Correção
Information Disclosure
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Botcha Spam Prevention