CVSS: 4.0EPSS: 0%CPEs: 8EXPL: 0CVE-2013-1973
https://notcve.org/view.php?id=CVE-2013-1973
The autocomplete callback in Autocomplete Widgets for Text and Number Fields (autocomplete_widgets) module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.0-rc1 does not properly handle node permissions, which allows remote authenticated users to obtain sensitive field values via unspecified vectors. La rellamada de autocompletar en Autocomplete Widgets for Text and Number Fields (autocomplete_widgets) módulo 6.x-1.x anterior a 6.x-1.4 y 7.x-1.x anterior a 7.x-1.0-rc1 no maneja debidamente permisos de nodo, loque permite a usuarios remotos autenticados obtener valores de campos sensibles a través de vectores no especificados. • http://osvdb.org/92532 http://secunia.com/advisories/52996 https://drupal.org/node/1971848 https://drupal.org/node/1971856 https://drupal.org/node/1972976 • CWE-264: Permissions, Privileges, and Access Controls •