Vulnerability in Adcisolutions Node_view_permissions

CVE-2013-5965

The Node View Permissions module 7.x-1.x before 7.x-1.2 for Drupal does not properly implement the hook_query_alter function, which might allow remote attackers to obtain sensitive information by reading a node listing.

EPSS: 0.003 (52.9th percentile) — read the EPSS interpretation.

Affected products

Adcisolutions Node_view_permissions — versions 7.x-1.0
Drupal
N/a — versions n/a

Weakness classification (CWE)

CWE-264

References

cve@mitre.org (x_refsource_CONFIRM, Patch)
[oss-security] 20130911 Re: CVE request for Drupal contrib modules (mailing-list, x_refsource_MLIST)
54550 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
20130828 Drupal Node View Permissions module and Flag module Vulnerabilities (mailing-list, x_refsource_BUGTRAQ)
cve@mitre.org (Patch, x_refsource_MISC, Vendor Advisory)