Sensitive Information Exposure in Drupal Chatroom Module
CVE-2006-6529

Currently unrated

Key Information:

Vendor: Drupal
Status: Chatroom Module
Vendor: CVE Published:; 14 December 2006

Summary

The Chatroom Module for Drupal, prior to version 4.7.x-1.0, has a significant flaw where it incorrectly displays private messages in the last messages overview. This design oversight allows unauthorized users to access and read private messages, which could lead to unauthorized information disclosure. Attackers can exploit this vulnerability to gain insights into confidential communications, posing a serious threat to user privacy and data integrity.

References

http://secunia.com/advisories/23343

third-party-advisoryx_refsource_SECUNIA

http://drupal.org/node/102614

x_refsource_CONFIRM

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Dec 14, 2006