PT-2017-7284 · Drupal · Ctools
Andor Dávid
·
Published
2017-08-07
·
Updated
2017-09-29
·
CVE-2015-7875
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
ctools versions 6.x-1.x prior to 6.x-1.14
ctools versions 7.x-1.x prior to 7.x-1.8
Description
The issue concerns the failure to verify the "edit" permission for content type plugins used in Panels and similar systems, which can lead to unauthorized access to place content and functionality on a page.
Recommendations
For ctools versions 6.x-1.x prior to 6.x-1.14, update to version 6.x-1.14 or later.
For ctools versions 7.x-1.x prior to 7.x-1.8, update to version 7.x-1.8 or later.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ctools