Drupal 7.x prior to 7.14 does not properly restrict access to nodes in a list when using a "contributed node access module," which allows remote authenticated users with the "Access the content overview page" permission to read all published nodes by accessing the admin/content page.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
drupal drupal 7.0 |
||
drupal drupal 7.12 |
||
drupal drupal 7.5 |
||
drupal drupal 7.13 |
||
drupal drupal 7.x-dev |
||
drupal drupal 7.2 |
||
drupal drupal 7.6 |
||
drupal drupal 7.9 |
||
drupal drupal 7.8 |
||
drupal drupal 7.1 |
||
drupal drupal 7.3 |
||
drupal drupal 7.11 |
||
drupal drupal 7.10 |
||
drupal drupal 7.4 |
||
drupal drupal 7.7 |