Code injection

2009-12-3119:30:00

PRIOn knowledge base

www.prio-n.com

7.2 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

65.5%

JSON

The Storm module 6.x before 6.x-1.25 for Drupal does not enforce privilege requirements for storminvoiceitem nodes, which allows remote attackers to read node titles via unspecified vectors.

CPENameOperatorVersion
stormeq6.120.10
stormeq6.120.11
stormeq6.120.12
stormeq6.120.13
stormeq6.120.14
stormeq6.120.15
stormeq6.120.16
stormeq6.120.17
stormeq6.120.18
stormeq6.120.19

Name	Operator	Version
storm	eq	6.120.10
storm	eq	6.120.11
storm	eq	6.120.12
storm	eq	6.120.13
storm	eq	6.120.14
storm	eq	6.120.15
storm	eq	6.120.16
storm	eq	6.120.17
storm	eq	6.120.18
storm	eq	6.120.19

Rows per page:

1-10 of 261

References

secunia.com/advisories/37202

www.securityfocus.com/bid/36879

www.vupen.com/english/advisories/2009/3090

drupal.org/node/617480

drupal.org/node/617494