PT-2012-5434 · Drupal · Drupal Location Module

Joshua Brauer

Published

2012-10-31

Updated

2012-11-02

CVE-2012-4488

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Drupal Location module versions 6.x before 6.x-3.2 Drupal Location module versions 7.x before 7.x-3.0-alpha1

Description The issue allows remote attackers to read node or user results via the location search page due to improper checking of user or node access permissions.

Recommendations For Drupal Location module versions 6.x before 6.x-3.2, update to version 6.x-3.2 or later. For Drupal Location module versions 7.x before 7.x-3.0-alpha1, update to version 7.x-3.0-alpha1 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2012-4488

Affected Products

Drupal Location Module

PT-2012-5434 · Drupal · Drupal Location Module

CVE-2012-4488

Weakness Enumeration

Related Identifiers

Affected Products

References · 6