Vulnerability Details CVE-2013-5965
The Node View Permissions module 7.x-1.x before 7.x-1.2 for Drupal does not properly implement the hook_query_alter function, which might allow remote attackers to obtain sensitive information by reading a node listing.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.014
EPSS Ranking 68.3%
CVSS Severity
CVSS v2 Score 5.0
References
- http://archives.neohapsis.com/archives/bugtraq/2013-08/0184.html
- http://secunia.com/advisories/54550
- http://www.openwall.com/lists/oss-security/2013/09/11/9
- https://drupal.org/node/2031621
- https://drupal.org/node/2076315
- http://archives.neohapsis.com/archives/bugtraq/2013-08/0184.html
- http://secunia.com/advisories/54550
- http://www.openwall.com/lists/oss-security/2013/09/11/9
- https://drupal.org/node/2031621
- https://drupal.org/node/2076315
Products affected by CVE-2013-5965
-
cpe:2.3:a:adcisolutions:node_view_permissions:1.0
-
cpe:2.3:a:adcisolutions:node_view_permissions:1.1
-
cpe:2.3:a:adcisolutions:node_view_permissions:1.2
-
cpe:2.3:a:adcisolutions:node_view_permissions:1.3
-
cpe:2.3:a:adcisolutions:node_view_permissions:1.4
-
cpe:2.3:a:adcisolutions:node_view_permissions:1.5
-
cpe:2.3:a:adcisolutions:node_view_permissions:1.6
-
cpe:2.3:a:adcisolutions:node_view_permissions:1.7
-
cpe:2.3:a:adcisolutions:node_view_permissions:2.0.0
-
cpe:2.3:a:adcisolutions:node_view_permissions:2.0.1
-
cpe:2.3:a:adcisolutions:node_view_permissions:7.x-1.0
-
cpe:2.3:a:adcisolutions:node_view_permissions:7.x-1.1
-
cpe:2.3:a:drupal:drupal:-