Improper Access Control in Administration Views Module for Drupal

Improper Access Control in Administration Views Module for Drupal

CVE-2015-7226 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

The Administration Views module 7.x-1.x before 7.x-1.5 for Drupal checks access permissions based on the router path from the view instead of the display property, which allows remote attackers to obtain sensitive information via vectors related to the access handler.

Learn more about our Web Application Penetration Testing UK.