Lucene search
HistoryOct 03, 2022 - 4:15 p.m.
CVE-2012-4488
cve-2012-4488
drupal
location module
access permissions
remote attackers
nvd
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
6.9 Medium
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
64.5%
The Location module 6.x before 6.x-3.2 and 7.x before 7.x-3.0-alpha1 for Drupal does not properly check user or node access permissions, which allows remote attackers to read node or user results via the location search page.
Affected configurations
Node
location_module_projectlocationMatch6.x-3.0
ORlocation_module_projectlocationMatch6.x-3.0rc1
ORlocation_module_projectlocationMatch6.x-3.0rc2
ORlocation_module_projectlocationMatch6.x-3.0test3
ORlocation_module_projectlocationMatch6.x-3.1
ORlocation_module_projectlocationMatch6.x-3.1rc1
ORlocation_module_projectlocationMatch6.x-3.xdev
ORlocation_module_projectlocationMatch7.x-1.0beta1
ORlocation_module_projectlocationMatch7.x-3.xdev
ORlocation_module_projectlocationMatch7.x-4.xdev
ORlocation_module_projectlocationMatch7.x-5.xdev
drupaldrupalMatch-
Related
prion
prion
Code injection
2012-10-31 16:55:00
nvd
nvd
CVE-2012-4488
2012-10-31 16:55:03
cvelist
cvelist
CVE-2012-4488
2022-10-03 16:15:35
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
6.9 Medium
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
64.5%
Related for CVE-2012-4488