Search criteria
6 vulnerabilities found for forward by sean_robertson
FKIE_CVE-2012-1057
Vulnerability from fkie_nvd - Published: 2012-02-14 00:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in the clickthrough tracking functionality in the Forward module 6.x-1.x before 6.x-1.21 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of administrators for requests that increase node rankings via the tracking code, possibly related to improper "flood control."
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "591EF0E9-CCA3-4996-AB5B-5E9C3B4D4571",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8A3EE2BE-49DC-4573-AB55-3D0E80F2F70D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "310173CA-5639-4270-9134-A18EB3DD551D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "533B6B8A-BE5E-4D19-AA1A-2B5C887C5BEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0B2B21E2-17B5-45EB-8A4F-FCC63EF0668C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C049D3E3-D4EA-4AE3-BED2-A63F3EEDA7F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5BC8677D-28BD-42C8-A469-0070FD141BDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "1D0307CD-9507-4FA2-8294-642688287717",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "B6D66470-7133-4380-AC55-EE15C51F72D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "000C51E5-4CE6-4839-BA93-4FFDD2EDCEDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "D3989A71-9188-4FCF-828B-04DE4ABA1FFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "F3A004DD-9852-4594-AAED-6A837971B606",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "639D6DD6-166D-453E-82BD-9015D4A8B9A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "ECBB54D3-94AF-4D47-853A-9E047950D84C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "215024FE-1D6C-4220-A34D-3CB3E356C917",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "54594F8E-8B3F-40B8-89A3-D974CB39CC65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.16:*:*:*:*:*:*:*",
"matchCriteriaId": "825510E4-F63E-4E2C-BAF2-20A59ECA2EF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.17:*:*:*:*:*:*:*",
"matchCriteriaId": "BFCBEB31-6E98-4BBE-878A-441F5BCAEAC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.18:*:*:*:*:*:*:*",
"matchCriteriaId": "31E3EB43-5550-4A59-B941-450934EAC037",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.19:*:*:*:*:*:*:*",
"matchCriteriaId": "2AC1DAAB-7B6F-4CA1-A37B-7EC749E56BA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.20:*:*:*:*:*:*:*",
"matchCriteriaId": "C1228050-F0DE-4493-A976-4EFC12E4A05B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.x-dev:*:*:*:*:*:*:*",
"matchCriteriaId": "CC598C74-9D35-43EA-A74E-77605C4CEA9A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
"matchCriteriaId": "799CA80B-F3FA-4183-A791-2071A7DA1E54",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sean_robertson:forward:7.x-1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "63E6DB82-17BC-4F6B-AAF0-40054563E6A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:7.x-1.0:alpha1:*:*:*:*:*:*",
"matchCriteriaId": "39F9DB1E-AA37-49AE-80BD-DA0F0BE242DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:7.x-1.0:alpha2:*:*:*:*:*:*",
"matchCriteriaId": "0FAAB6A6-4844-41AA-AB5E-0DC94FCE43BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:7.x-1.0:alpha3:*:*:*:*:*:*",
"matchCriteriaId": "3CBCB70F-ED6D-489F-8AE7-EA96CDA4DEA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:7.x-1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "39881745-9EF8-44E7-8EBC-D99D7600D6F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:7.x-1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "A662BB80-197A-4A5B-B25F-1FBBC01AAF4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:7.x-1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "DD9CED5B-9A11-497C-B426-EBAF9BB30466",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:7.x-1.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "925866B3-0DF1-4B0B-8086-B7A72D317DBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:7.x-1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9A430208-187A-4BD7-BE60-4AC7819322F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:7.x-1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B8E02D86-E313-407D-8951-89E10AE6B6EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:7.x-1.x-dev:*:*:*:*:*:*:*",
"matchCriteriaId": "66A7EE37-458E-4150-A779-92F58079B23A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
"matchCriteriaId": "799CA80B-F3FA-4183-A791-2071A7DA1E54",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in the clickthrough tracking functionality in the Forward module 6.x-1.x before 6.x-1.21 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of administrators for requests that increase node rankings via the tracking code, possibly related to improper \"flood control.\""
},
{
"lang": "es",
"value": "Vulnerabilidad de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en la funcionalidad \u0027clickthrough tracking\u0027 en el m\u00f3dulo Forward v6.x-1.x anterior a v6.x-1.21 y v7.x-1.x anterior a v7.x-1.3 para Drupal permite a atacantes remotos secuestras la autenticaci\u00f3n para administradores para peticiones de incremento de la clasificaci\u00f3n del nodo a trav\u00e9s de un c\u00f3digo de seguimiento, posiblemente relacionado con un control incorrecto."
}
],
"id": "CVE-2012-1057",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-02-14T00:55:00.803",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://drupal.org/node/1423722"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://drupal.org/node/1425150"
},
{
"source": "cve@mitre.org",
"url": "http://drupalcode.org/project/forward.git/commitdiff/72158fdbfbf5a068938985e3d10ce1d8f969d9c3"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/78817"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/47851"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/51826"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72922"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://drupal.org/node/1423722"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://drupal.org/node/1425150"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://drupalcode.org/project/forward.git/commitdiff/72158fdbfbf5a068938985e3d10ce1d8f969d9c3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/78817"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/47851"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/51826"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72922"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2012-1056
Vulnerability from fkie_nvd - Published: 2012-02-14 00:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
The Forward module 6.x-1.x before 6.x-1.21 and 7.x-1.x before 7.x-1.3 for Drupal does not properly enforce permissions for (1) Recent forwards, (2) Most forwarded, or (3) Dynamic blocks, which allows remote attackers to obtain node titles via unspecified vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "591EF0E9-CCA3-4996-AB5B-5E9C3B4D4571",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8A3EE2BE-49DC-4573-AB55-3D0E80F2F70D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "310173CA-5639-4270-9134-A18EB3DD551D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "533B6B8A-BE5E-4D19-AA1A-2B5C887C5BEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0B2B21E2-17B5-45EB-8A4F-FCC63EF0668C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C049D3E3-D4EA-4AE3-BED2-A63F3EEDA7F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5BC8677D-28BD-42C8-A469-0070FD141BDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "1D0307CD-9507-4FA2-8294-642688287717",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "B6D66470-7133-4380-AC55-EE15C51F72D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "000C51E5-4CE6-4839-BA93-4FFDD2EDCEDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "D3989A71-9188-4FCF-828B-04DE4ABA1FFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "F3A004DD-9852-4594-AAED-6A837971B606",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "639D6DD6-166D-453E-82BD-9015D4A8B9A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "ECBB54D3-94AF-4D47-853A-9E047950D84C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "215024FE-1D6C-4220-A34D-3CB3E356C917",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "54594F8E-8B3F-40B8-89A3-D974CB39CC65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.16:*:*:*:*:*:*:*",
"matchCriteriaId": "825510E4-F63E-4E2C-BAF2-20A59ECA2EF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.17:*:*:*:*:*:*:*",
"matchCriteriaId": "BFCBEB31-6E98-4BBE-878A-441F5BCAEAC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.18:*:*:*:*:*:*:*",
"matchCriteriaId": "31E3EB43-5550-4A59-B941-450934EAC037",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.19:*:*:*:*:*:*:*",
"matchCriteriaId": "2AC1DAAB-7B6F-4CA1-A37B-7EC749E56BA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.20:*:*:*:*:*:*:*",
"matchCriteriaId": "C1228050-F0DE-4493-A976-4EFC12E4A05B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.x-dev:*:*:*:*:*:*:*",
"matchCriteriaId": "CC598C74-9D35-43EA-A74E-77605C4CEA9A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
"matchCriteriaId": "799CA80B-F3FA-4183-A791-2071A7DA1E54",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sean_robertson:forward:7.x-1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "63E6DB82-17BC-4F6B-AAF0-40054563E6A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:7.x-1.0:alpha1:*:*:*:*:*:*",
"matchCriteriaId": "39F9DB1E-AA37-49AE-80BD-DA0F0BE242DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:7.x-1.0:alpha2:*:*:*:*:*:*",
"matchCriteriaId": "0FAAB6A6-4844-41AA-AB5E-0DC94FCE43BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:7.x-1.0:alpha3:*:*:*:*:*:*",
"matchCriteriaId": "3CBCB70F-ED6D-489F-8AE7-EA96CDA4DEA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:7.x-1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "39881745-9EF8-44E7-8EBC-D99D7600D6F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:7.x-1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "A662BB80-197A-4A5B-B25F-1FBBC01AAF4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:7.x-1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "DD9CED5B-9A11-497C-B426-EBAF9BB30466",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:7.x-1.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "925866B3-0DF1-4B0B-8086-B7A72D317DBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:7.x-1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9A430208-187A-4BD7-BE60-4AC7819322F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:7.x-1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B8E02D86-E313-407D-8951-89E10AE6B6EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:7.x-1.x-dev:*:*:*:*:*:*:*",
"matchCriteriaId": "66A7EE37-458E-4150-A779-92F58079B23A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
"matchCriteriaId": "799CA80B-F3FA-4183-A791-2071A7DA1E54",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Forward module 6.x-1.x before 6.x-1.21 and 7.x-1.x before 7.x-1.3 for Drupal does not properly enforce permissions for (1) Recent forwards, (2) Most forwarded, or (3) Dynamic blocks, which allows remote attackers to obtain node titles via unspecified vectors."
},
{
"lang": "es",
"value": "El m\u00f3dulo Forward v6.x-1.x anterior a v6.x-1.21 y v7.x-1.x anterior a v7.x-1.3 para Drupal no aplica correctamente los permisos para (1) reenv\u00edos \u0027Recent\u0027 (2) enviado \u0027Most\u0027, o (3) bloques \u0027Dynamic\u0027, lo que permite a atacantes remotos obtener t\u00edtulos de nodos a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2012-1056",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-02-14T00:55:00.740",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://drupal.org/node/1423722"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://drupal.org/node/1425150"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/78817"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/47851"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/51826"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72920"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://drupal.org/node/1423722"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://drupal.org/node/1425150"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/78817"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/47851"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/51826"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72920"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2012-1057 (GCVE-0-2012-1057)
Vulnerability from cvelistv5 – Published: 2012-02-14 00:00 – Updated: 2024-08-06 18:45
VLAI?
Summary
Cross-site request forgery (CSRF) vulnerability in the clickthrough tracking functionality in the Forward module 6.x-1.x before 6.x-1.21 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of administrators for requests that increase node rankings via the tracking code, possibly related to improper "flood control."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:45:26.800Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "47851",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47851"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupalcode.org/project/forward.git/commitdiff/72158fdbfbf5a068938985e3d10ce1d8f969d9c3"
},
{
"name": "drupal-forward-unspecified-csrf(72922)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72922"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/1425150"
},
{
"name": "51826",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/51826"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/1423722"
},
{
"name": "78817",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/78817"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-02-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in the clickthrough tracking functionality in the Forward module 6.x-1.x before 6.x-1.21 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of administrators for requests that increase node rankings via the tracking code, possibly related to improper \"flood control.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "47851",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47851"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupalcode.org/project/forward.git/commitdiff/72158fdbfbf5a068938985e3d10ce1d8f969d9c3"
},
{
"name": "drupal-forward-unspecified-csrf(72922)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72922"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/1425150"
},
{
"name": "51826",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/51826"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/1423722"
},
{
"name": "78817",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/78817"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1057",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in the clickthrough tracking functionality in the Forward module 6.x-1.x before 6.x-1.21 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of administrators for requests that increase node rankings via the tracking code, possibly related to improper \"flood control.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "47851",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47851"
},
{
"name": "http://drupalcode.org/project/forward.git/commitdiff/72158fdbfbf5a068938985e3d10ce1d8f969d9c3",
"refsource": "CONFIRM",
"url": "http://drupalcode.org/project/forward.git/commitdiff/72158fdbfbf5a068938985e3d10ce1d8f969d9c3"
},
{
"name": "drupal-forward-unspecified-csrf(72922)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72922"
},
{
"name": "http://drupal.org/node/1425150",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/1425150"
},
{
"name": "51826",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51826"
},
{
"name": "http://drupal.org/node/1423722",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/1423722"
},
{
"name": "78817",
"refsource": "OSVDB",
"url": "http://osvdb.org/78817"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-1057",
"datePublished": "2012-02-14T00:00:00",
"dateReserved": "2012-02-13T00:00:00",
"dateUpdated": "2024-08-06T18:45:26.800Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-1056 (GCVE-0-2012-1056)
Vulnerability from cvelistv5 – Published: 2012-02-14 00:00 – Updated: 2024-08-06 18:45
VLAI?
Summary
The Forward module 6.x-1.x before 6.x-1.21 and 7.x-1.x before 7.x-1.3 for Drupal does not properly enforce permissions for (1) Recent forwards, (2) Most forwarded, or (3) Dynamic blocks, which allows remote attackers to obtain node titles via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:45:26.881Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "47851",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47851"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/1425150"
},
{
"name": "51826",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/51826"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/1423722"
},
{
"name": "drupal-multiple-blocks-security-bypass(72920)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72920"
},
{
"name": "78817",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/78817"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-02-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Forward module 6.x-1.x before 6.x-1.21 and 7.x-1.x before 7.x-1.3 for Drupal does not properly enforce permissions for (1) Recent forwards, (2) Most forwarded, or (3) Dynamic blocks, which allows remote attackers to obtain node titles via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "47851",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47851"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/1425150"
},
{
"name": "51826",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/51826"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/1423722"
},
{
"name": "drupal-multiple-blocks-security-bypass(72920)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72920"
},
{
"name": "78817",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/78817"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1056",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Forward module 6.x-1.x before 6.x-1.21 and 7.x-1.x before 7.x-1.3 for Drupal does not properly enforce permissions for (1) Recent forwards, (2) Most forwarded, or (3) Dynamic blocks, which allows remote attackers to obtain node titles via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "47851",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47851"
},
{
"name": "http://drupal.org/node/1425150",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/1425150"
},
{
"name": "51826",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51826"
},
{
"name": "http://drupal.org/node/1423722",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/1423722"
},
{
"name": "drupal-multiple-blocks-security-bypass(72920)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72920"
},
{
"name": "78817",
"refsource": "OSVDB",
"url": "http://osvdb.org/78817"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-1056",
"datePublished": "2012-02-14T00:00:00",
"dateReserved": "2012-02-13T00:00:00",
"dateUpdated": "2024-08-06T18:45:26.881Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-1057 (GCVE-0-2012-1057)
Vulnerability from nvd – Published: 2012-02-14 00:00 – Updated: 2024-08-06 18:45
VLAI?
Summary
Cross-site request forgery (CSRF) vulnerability in the clickthrough tracking functionality in the Forward module 6.x-1.x before 6.x-1.21 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of administrators for requests that increase node rankings via the tracking code, possibly related to improper "flood control."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:45:26.800Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "47851",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47851"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupalcode.org/project/forward.git/commitdiff/72158fdbfbf5a068938985e3d10ce1d8f969d9c3"
},
{
"name": "drupal-forward-unspecified-csrf(72922)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72922"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/1425150"
},
{
"name": "51826",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/51826"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/1423722"
},
{
"name": "78817",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/78817"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-02-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in the clickthrough tracking functionality in the Forward module 6.x-1.x before 6.x-1.21 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of administrators for requests that increase node rankings via the tracking code, possibly related to improper \"flood control.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "47851",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47851"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupalcode.org/project/forward.git/commitdiff/72158fdbfbf5a068938985e3d10ce1d8f969d9c3"
},
{
"name": "drupal-forward-unspecified-csrf(72922)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72922"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/1425150"
},
{
"name": "51826",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/51826"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/1423722"
},
{
"name": "78817",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/78817"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1057",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in the clickthrough tracking functionality in the Forward module 6.x-1.x before 6.x-1.21 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of administrators for requests that increase node rankings via the tracking code, possibly related to improper \"flood control.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "47851",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47851"
},
{
"name": "http://drupalcode.org/project/forward.git/commitdiff/72158fdbfbf5a068938985e3d10ce1d8f969d9c3",
"refsource": "CONFIRM",
"url": "http://drupalcode.org/project/forward.git/commitdiff/72158fdbfbf5a068938985e3d10ce1d8f969d9c3"
},
{
"name": "drupal-forward-unspecified-csrf(72922)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72922"
},
{
"name": "http://drupal.org/node/1425150",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/1425150"
},
{
"name": "51826",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51826"
},
{
"name": "http://drupal.org/node/1423722",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/1423722"
},
{
"name": "78817",
"refsource": "OSVDB",
"url": "http://osvdb.org/78817"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-1057",
"datePublished": "2012-02-14T00:00:00",
"dateReserved": "2012-02-13T00:00:00",
"dateUpdated": "2024-08-06T18:45:26.800Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-1056 (GCVE-0-2012-1056)
Vulnerability from nvd – Published: 2012-02-14 00:00 – Updated: 2024-08-06 18:45
VLAI?
Summary
The Forward module 6.x-1.x before 6.x-1.21 and 7.x-1.x before 7.x-1.3 for Drupal does not properly enforce permissions for (1) Recent forwards, (2) Most forwarded, or (3) Dynamic blocks, which allows remote attackers to obtain node titles via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:45:26.881Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "47851",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47851"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/1425150"
},
{
"name": "51826",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/51826"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/1423722"
},
{
"name": "drupal-multiple-blocks-security-bypass(72920)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72920"
},
{
"name": "78817",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/78817"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-02-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Forward module 6.x-1.x before 6.x-1.21 and 7.x-1.x before 7.x-1.3 for Drupal does not properly enforce permissions for (1) Recent forwards, (2) Most forwarded, or (3) Dynamic blocks, which allows remote attackers to obtain node titles via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "47851",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47851"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/1425150"
},
{
"name": "51826",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/51826"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/1423722"
},
{
"name": "drupal-multiple-blocks-security-bypass(72920)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72920"
},
{
"name": "78817",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/78817"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1056",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Forward module 6.x-1.x before 6.x-1.21 and 7.x-1.x before 7.x-1.3 for Drupal does not properly enforce permissions for (1) Recent forwards, (2) Most forwarded, or (3) Dynamic blocks, which allows remote attackers to obtain node titles via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "47851",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47851"
},
{
"name": "http://drupal.org/node/1425150",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/1425150"
},
{
"name": "51826",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51826"
},
{
"name": "http://drupal.org/node/1423722",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/1423722"
},
{
"name": "drupal-multiple-blocks-security-bypass(72920)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72920"
},
{
"name": "78817",
"refsource": "OSVDB",
"url": "http://osvdb.org/78817"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-1056",
"datePublished": "2012-02-14T00:00:00",
"dateReserved": "2012-02-13T00:00:00",
"dateUpdated": "2024-08-06T18:45:26.881Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}