The Chaos Tool Suite (ctools) module 7.x-1.x prior to 7.x-1.3 for Drupal does not properly restrict node access, which allows remote authenticated users with the "access content" permission to read restricted node titles via an autocomplete list.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
chaos tool suite project ctools 7.x-1.0 |
||
chaos tool suite project ctools 7.x-1.1 |
||
chaos tool suite project ctools 7.x-1.2 |
||
chaos tool suite project ctools 7.x-1.x |