Unrestricted Access to Node Titles in Forward Module for Drupal

Unrestricted Access to Node Titles in Forward Module for Drupal

CVE-2012-1056 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

The Forward module 6.x-1.x before 6.x-1.21 and 7.x-1.x before 7.x-1.3 for Drupal does not properly enforce permissions for (1) Recent forwards, (2) Most forwarded, or (3) Dynamic blocks, which allows remote attackers to obtain node titles via unspecified vectors.

Learn more about our Web Application Penetration Testing UK.