Unrestricted Access to Node Titles in Forward Module for Drupal
CVE-2012-1056 · MEDIUM Severity
AV:N/AC:L/AU:N/C:P/I:N/A:N
The Forward module 6.x-1.x before 6.x-1.21 and 7.x-1.x before 7.x-1.3 for Drupal does not properly enforce permissions for (1) Recent forwards, (2) Most forwarded, or (3) Dynamic blocks, which allows remote attackers to obtain node titles via unspecified vectors.
Learn more about our Web Application Penetration Testing UK.