Remote Access to Views via me User Argument Handler in me aliases module for Drupal

Remote Access to Views via me User Argument Handler in me aliases module for Drupal

CVE-2015-5512 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

The me aliases module 6.x-2.x before 6.x-2.10 and 7.x-1.x before 7.x-1.2 for Drupal allows remote attackers to access Views using the "me" user argument handler by substituting "me" for a user id in a URL.

Learn more about our User Device Pen Test.