Vulnerability Description
The Forward module 6.x-1.x before 6.x-1.21 and 7.x-1.x before 7.x-1.3 for Drupal does not properly enforce permissions for (1) Recent forwards, (2) Most forwarded, or (3) Dynamic blocks, which allows remote attackers to obtain node titles via unspecified vectors.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sean Robertson | Forward | 6.x-1.0 |
| Drupal | Drupal | All versions |
Related Weaknesses (CWE)
References
- http://drupal.org/node/1423722Patch
- http://drupal.org/node/1425150PatchVendor Advisory
- http://osvdb.org/78817
- http://secunia.com/advisories/47851Vendor Advisory
- http://www.securityfocus.com/bid/51826
- https://exchange.xforce.ibmcloud.com/vulnerabilities/72920
- http://drupal.org/node/1423722Patch
- http://drupal.org/node/1425150PatchVendor Advisory
- http://osvdb.org/78817
- http://secunia.com/advisories/47851Vendor Advisory
- http://www.securityfocus.com/bid/51826
- https://exchange.xforce.ibmcloud.com/vulnerabilities/72920
FAQ
What is CVE-2012-1056?
CVE-2012-1056 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The Forward module 6.x-1.x before 6.x-1.21 and 7.x-1.x before 7.x-1.3 for Drupal does not properly enforce permissions for (1) Recent forwards, (2) Most forwarded, or (3) Dynamic blocks, which allows ...
How severe is CVE-2012-1056?
CVE-2012-1056 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-1056?
Check the references section above for vendor advisories and patch information. Affected products include: Sean Robertson Forward, Drupal Drupal.