PT-2013-2192 · Drupal · Email2Image
Forest Monsen
·
Published
2013-03-27
·
Updated
2013-03-28
·
CVE-2013-0257
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
email2image module for Drupal versions 6.x-1.x through 6.x-2.x
Description
The issue allows remote attackers to read images of user email addresses and email fields due to improper access restriction to nodes.
Recommendations
For versions 6.x-1.x through 6.x-2.x, update the email2image module to a version that properly restricts access to nodes, or consider disabling the module until a patch is available.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Email2Image