Unauthenticated Access to Sensitive Information in Linkit Module for Drupal

Unauthenticated Access to Sensitive Information in Linkit Module for Drupal

CVE-2012-2304 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:N/A:N

The Linkit module 7.x-2.x before 7.x-2.3 for Drupal, when using an entity access module, does not check permissions when searching for entities, which allows remote attackers to obtain sensitive information via unspecified vectors.

Learn more about our Web Application Penetration Testing UK.