PT-2015-7476 · Drupal · Administration Views
Maxim Baev
·
Published
2015-09-17
·
Updated
2016-11-28
·
CVE-2015-7226
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Administration Views module versions 7.x-1.x through 7.x-1.4
Description
The issue allows remote attackers to obtain sensitive information via vectors related to the access handler, due to the module checking access permissions based on the router path from the view instead of the display property.
Recommendations
For Administration Views module versions 7.x-1.x through 7.x-1.4, update to version 7.x-1.5 or later to resolve the issue.
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Administration Views