CVE-2012-4488
Severity Score
5.0
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The Location module 6.x before 6.x-3.2 and 7.x before 7.x-3.0-alpha1 for Drupal does not properly check user or node access permissions, which allows remote attackers to read node or user results via the location search page.
El módulo Location v6.x antes de v6.x-3.2 y v7.x antes de v7.x-3.0-alfa1 para Drupal no comprueba correctamente los permisos de usuario o nodo de acceso, lo que permite a atacantes remotos leer nodos o usuario a través de los resultados de la página de búsqueda de ubicación.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2012-08-21 CVE Reserved
- 2012-10-31 CVE Published
- 2024-09-16 CVE Updated
- 2024-09-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2012/10/04/6 | Mailing List |
|
| http://www.openwall.com/lists/oss-security/2012/10/07/1 | Mailing List |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://drupal.org/node/1699962 | 2012-11-02 | |
| http://drupal.org/node/1699984 | 2012-11-02 |
| URL | Date | SRC |
|---|---|---|
| http://drupal.org/node/1700588 | 2012-11-02 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Location Module Project Search vendor "Location Module Project" | Location Search vendor "Location Module Project" for product "Location" | 6.x-3.0 Search vendor "Location Module Project" for product "Location" and version "6.x-3.0" | - |
Affected
| in | Drupal Search vendor "Drupal" | Drupal Search vendor "Drupal" for product "Drupal" | - | - |
Safe
|
| Location Module Project Search vendor "Location Module Project" | Location Search vendor "Location Module Project" for product "Location" | 6.x-3.0 Search vendor "Location Module Project" for product "Location" and version "6.x-3.0" | rc1 |
Affected
| in | Drupal Search vendor "Drupal" | Drupal Search vendor "Drupal" for product "Drupal" | - | - |
Safe
|
| Location Module Project Search vendor "Location Module Project" | Location Search vendor "Location Module Project" for product "Location" | 6.x-3.0 Search vendor "Location Module Project" for product "Location" and version "6.x-3.0" | rc2 |
Affected
| in | Drupal Search vendor "Drupal" | Drupal Search vendor "Drupal" for product "Drupal" | - | - |
Safe
|
| Location Module Project Search vendor "Location Module Project" | Location Search vendor "Location Module Project" for product "Location" | 6.x-3.0 Search vendor "Location Module Project" for product "Location" and version "6.x-3.0" | test3 |
Affected
| in | Drupal Search vendor "Drupal" | Drupal Search vendor "Drupal" for product "Drupal" | - | - |
Safe
|
| Location Module Project Search vendor "Location Module Project" | Location Search vendor "Location Module Project" for product "Location" | 6.x-3.1 Search vendor "Location Module Project" for product "Location" and version "6.x-3.1" | - |
Affected
| in | Drupal Search vendor "Drupal" | Drupal Search vendor "Drupal" for product "Drupal" | - | - |
Safe
|
| Location Module Project Search vendor "Location Module Project" | Location Search vendor "Location Module Project" for product "Location" | 6.x-3.1 Search vendor "Location Module Project" for product "Location" and version "6.x-3.1" | rc1 |
Affected
| in | Drupal Search vendor "Drupal" | Drupal Search vendor "Drupal" for product "Drupal" | - | - |
Safe
|
| Location Module Project Search vendor "Location Module Project" | Location Search vendor "Location Module Project" for product "Location" | 6.x-3.x Search vendor "Location Module Project" for product "Location" and version "6.x-3.x" | dev |
Affected
| in | Drupal Search vendor "Drupal" | Drupal Search vendor "Drupal" for product "Drupal" | - | - |
Safe
|
| Location Module Project Search vendor "Location Module Project" | Location Search vendor "Location Module Project" for product "Location" | 7.x-1.0 Search vendor "Location Module Project" for product "Location" and version "7.x-1.0" | beta1 |
Affected
| in | Drupal Search vendor "Drupal" | Drupal Search vendor "Drupal" for product "Drupal" | - | - |
Safe
|
| Location Module Project Search vendor "Location Module Project" | Location Search vendor "Location Module Project" for product "Location" | 7.x-3.x Search vendor "Location Module Project" for product "Location" and version "7.x-3.x" | dev |
Affected
| in | Drupal Search vendor "Drupal" | Drupal Search vendor "Drupal" for product "Drupal" | - | - |
Safe
|
| Location Module Project Search vendor "Location Module Project" | Location Search vendor "Location Module Project" for product "Location" | 7.x-4.x Search vendor "Location Module Project" for product "Location" and version "7.x-4.x" | dev |
Affected
| in | Drupal Search vendor "Drupal" | Drupal Search vendor "Drupal" for product "Drupal" | - | - |
Safe
|
| Location Module Project Search vendor "Location Module Project" | Location Search vendor "Location Module Project" for product "Location" | 7.x-5.x Search vendor "Location Module Project" for product "Location" and version "7.x-5.x" | dev |
Affected
| in | Drupal Search vendor "Drupal" | Drupal Search vendor "Drupal" for product "Drupal" | - | - |
Safe
|