CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 0CVE-2012-2304
https://notcve.org/view.php?id=CVE-2012-2304
The Linkit module 7.x-2.x before 7.x-2.3 for Drupal, when using an entity access module, does not check permissions when searching for entities, which allows remote attackers to obtain sensitive information via unspecified vectors. El módulo Linkit v7.x-2.x antes de v7.x-2.3 para Drupal, cuando se utiliza un módulo de acceso a la entidad, no comprueba los permisos en la búsqueda de entidades, lo que permite a atacantes remotos obtener información sensible a través de vectores no especificados. • http://drupal.org/node/1547716 http://drupal.org/node/1547738 http://secunia.com/advisories/48900 http://www.openwall.com/lists/oss-security/2012/05/03/1 http://www.openwall.com/lists/oss-security/2012/05/03/2 http://www.osvdb.org/81557 http://www.securityfocus.com/bid/53253 https://exchange.xforce.ibmcloud.com/vulnerabilities/75183 • CWE-264: Permissions, Privileges, and Access Controls •