CVE-2015-4375
N/A
N/A
Summary
The Chaos tool suite (ctools) module 7.x-1.x before 7.x-1.7 for Drupal allows remote attackers to obtain sensitive node titles via (1) an autocomplete search on custom entities without an access query tag or (2) leveraging knowledge of the ID of an entity.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://www.openwall.com/lists/oss-security/2015/03/22/35
- http://www.openwall.com/lists/oss-security/2015/04/25/6
- https://www.drupal.org/node/2454909
- https://www.drupal.org/node/2454883
References
- http://www.openwall.com/lists/oss-security/2015/03/22/35
- http://www.openwall.com/lists/oss-security/2015/04/25/6
- https://www.drupal.org/node/2454909
- https://www.drupal.org/node/2454883
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.