CVE-2009-4526
Severity CVSS v4.0:
Pending analysis
Type:
CWE-264
Permissions, Privileges, and Access Control
Publication date:
31/12/2009
Last modified:
04/01/2010
Description
The Send by e-mail sub-module in the Print (aka Printer, e-mail and PDF versions) module 5.x before 5.x-4.9 and 6.x before 6.x-1.9, a module for Drupal, does not properly enforce privilege requirements, which allows remote attackers to read page titles by requesting a "Send to friend" form.
Impact
Base Score 2.0
5.00
Severity 2.0
MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:joao_ventura:print:5.x-4.0:*:*:*:*:*:*:* | ||
cpe:2.3:a:joao_ventura:print:5.x-4.1:*:*:*:*:*:*:* | ||
cpe:2.3:a:joao_ventura:print:5.x-4.2:*:*:*:*:*:*:* | ||
cpe:2.3:a:joao_ventura:print:5.x-4.3:*:*:*:*:*:*:* | ||
cpe:2.3:a:joao_ventura:print:5.x-4.4:*:*:*:*:*:*:* | ||
cpe:2.3:a:joao_ventura:print:5.x-4.5:*:*:*:*:*:*:* | ||
cpe:2.3:a:joao_ventura:print:5.x-4.6:*:*:*:*:*:*:* | ||
cpe:2.3:a:joao_ventura:print:5.x-4.7:*:*:*:*:*:*:* | ||
cpe:2.3:a:joao_ventura:print:5.x-4.8:*:*:*:*:*:*:* | ||
cpe:2.3:a:joao_ventura:print:5.x-4.x:dev:*:*:*:*:*:* | ||
cpe:2.3:a:joao_ventura:print:6.x-1.0:*:*:*:*:*:*:* | ||
cpe:2.3:a:joao_ventura:print:6.x-1.0:rc1:*:*:*:*:*:* | ||
cpe:2.3:a:joao_ventura:print:6.x-1.0:rc2:*:*:*:*:*:* | ||
cpe:2.3:a:joao_ventura:print:6.x-1.0:rc3:*:*:*:*:*:* | ||
cpe:2.3:a:joao_ventura:print:6.x-1.0:rc4:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page