Published: 25/11/2016 Updated: 07/01/2017

CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8

CVSS v3 Base Score: 4.3 | Impact Score: 1.4 | Exploitability Score: 2.8

VMScore: 356

Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

The taxonomy module in Drupal 7.x prior to 7.52 and 8.x prior to 8.2.3 might allow remote authenticated users to obtain sensitive information about taxonomy terms by leveraging inconsistent naming of access query tags.

Vulnerable Product	Search on Vulmon	Subscribe to Product
drupal drupal 8.2.0
drupal drupal 8.0.0
drupal drupal 8.2.1
drupal drupal 8.0.4
drupal drupal 8.0.5
drupal drupal 8.1.2
drupal drupal 8.1.3
drupal drupal 8.0.2
drupal drupal 8.0.3
drupal drupal 8.1.0
drupal drupal 8.1.1
drupal drupal 8.1.9
drupal drupal 8.0.6
drupal drupal 8.1.4
drupal drupal 8.1.5
drupal drupal 8.2.2
drupal drupal 8.1.10
drupal drupal 8.0.1
drupal drupal 8.1.6
drupal drupal 8.1.7
drupal drupal 8.1.8
drupal drupal 7.0
drupal drupal 7.1
drupal drupal 7.10
drupal drupal 7.18
drupal drupal 7.19
drupal drupal 7.25
drupal drupal 7.26
drupal drupal 7.32
drupal drupal 7.33
drupal drupal 7.34
drupal drupal 7.41
drupal drupal 7.42
drupal drupal 7.16
drupal drupal 7.17
drupal drupal 7.23
drupal drupal 7.24
drupal drupal 7.30
drupal drupal 7.31
drupal drupal 7.4
drupal drupal 7.40
drupal drupal 7.11
drupal drupal 7.12
drupal drupal 7.13
drupal drupal 7.2
drupal drupal 7.20
drupal drupal 7.27
drupal drupal 7.28
drupal drupal 7.35
drupal drupal 7.36
drupal drupal 7.43
drupal drupal 7.44
drupal drupal 7.14
drupal drupal 7.15
drupal drupal 7.21
drupal drupal 7.22
drupal drupal 7.29
drupal drupal 7.3
drupal drupal 7.37
drupal drupal 7.38
drupal drupal 7.50
drupal drupal 7.51

Multiple vulnerabilities has been found in the Drupal content management framework For additional information, please refer to the upstream advisory at wwwdrupalorg/SA-CORE-2016-005 For the stable distribution (jessie), this problem has been fixed in version 732-1+deb8u8 For the unstable distribution (sid), this problem has been fixed ...

Drupal provides a mechanism to alter database SELECT queries before they are executed Contributed and custom modules may use this mechanism to restrict access to certain entities by implementing hook_query_alter() or hook_query_TAG_alter() in order to add additional conditions Queries can be distinguished by means of query tags As the documentat ...

CWE-200 http://www.securityfocus.com/bid/94367 https://www.drupal.org/SA-CORE-2016-005 http://www.debian.org/security/2016/dsa-3718 https://nvd.nist.gov https://www.debian.org/security/./dsa-3718

CVE-2016-9449

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect