Remote Access Flaw in Drupal Print Module Exposes Restricted Content
CVE-2007-3689

Currently unrated

Key Information:

Vendor: Drupal
Status: Print Module
Vendor: CVE Published:; 11 July 2007

Summary

The Print module in Drupal versions prior to 4.7-1.0 and 5.x before 5.x-1.2 contains a vulnerability that enables remote attackers to access private content. By manipulating URL parameters, attackers can bypass access restrictions enforced by various modules, including Organic Groups and Taxonomy Access Control. This flaw can lead to unauthorized exposure of restricted posts, putting sensitive information at risk.

References

http://drupal.org/node/158032

x_refsource_CONFIRM

http://secunia.com/advisories/25978

third-party-advisoryx_refsource_SECUNIA

http://www.vupen.com/english/advisories/2007/2470

vdb-entryx_refsource_VUPEN

Timeline

Vulnerability published
Jul 11, 2007
Vulnerability Reserved
Jul 11, 2007