The Chaos tool suite (ctools) module 7.x-1.x before 7.x-1.7 for Drupal allows remote attackers to obtain sensitive node titles via (1) an autocomplete search on custom entities without an access query tag or (2) leveraging knowledge of the ID of an entity.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2015-06-15T14:00:00
Updated: 2015-06-15T13:57:00
Reserved: 2015-06-05T00:00:00
Link: CVE-2015-4375
JSON object: View
NVD Information
Status : Analyzed
Published: 2015-06-15T14:59:32.763
Modified: 2015-06-16T17:16:05.167
Link: CVE-2015-4375
JSON object: View
Redhat Information
No data.
CWE