Improper Access Restrictions in Drupal Commons Module

Improper Access Restrictions in Drupal Commons Module

CVE-2012-4483 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

The commons_discussion_views_default_views function in modules/features/commons_discussion/commons_discussion.views_default.inc in the Drupal Commons module 6.x-2.x before 6.x-2.8 for Drupal does not properly enforce intended node access restrictions, which might allow remote attackers to obtain sensitive information via the recent comments listing.

Learn more about our Web Application Penetration Testing UK.