Lack of Permission Enforcement in Spaces Module for Drupal

Lack of Permission Enforcement in Spaces Module for Drupal

CVE-2012-2303 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

The Spaces module 6.x-3.x before 6.x-3.4 for Drupal does not enforce permissions on non-object pages, which allows remote attackers to obtain sensitive information and possibly have other impacts via unspecified vectors to the (1) Spaces or (2) Spaces OG module.

Learn more about our Web Application Penetration Testing UK.