Vulnerability Description
The Administration Views module 7.x-1.x before 7.x-1.5 for Drupal checks access permissions based on the router path from the view instead of the display property, which allows remote attackers to obtain sensitive information via vectors related to the access handler.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Administration Views Project | Administration Views | 7.x-1.0 |
Related Weaknesses (CWE)
References
- http://cgit.drupalcode.org/admin_views/commit/?id=44098bb
- http://www.securityfocus.com/bid/75697
- https://www.drupal.org/node/2529366Patch
- https://www.drupal.org/node/2529378PatchVendor Advisory
- http://cgit.drupalcode.org/admin_views/commit/?id=44098bb
- http://www.securityfocus.com/bid/75697
- https://www.drupal.org/node/2529366Patch
- https://www.drupal.org/node/2529378PatchVendor Advisory
FAQ
What is CVE-2015-7226?
CVE-2015-7226 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The Administration Views module 7.x-1.x before 7.x-1.5 for Drupal checks access permissions based on the router path from the view instead of the display property, which allows remote attackers to obt...
How severe is CVE-2015-7226?
CVE-2015-7226 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-7226?
Check the references section above for vendor advisories and patch information. Affected products include: Administration Views Project Administration Views.