Unauthenticated Access to Sensitive Information in Linkit Module for Drupal
CVE-2012-2304 · MEDIUM Severity
AV:N/AC:M/AU:N/C:P/I:N/A:N
The Linkit module 7.x-2.x before 7.x-2.3 for Drupal, when using an entity access module, does not check permissions when searching for entities, which allows remote attackers to obtain sensitive information via unspecified vectors.
Learn more about our Web Application Penetration Testing UK.