CVE-2015-4375: Infoleak
First published: Mon Jun 15 2015(Updated: )
The Chaos tool suite (ctools) module 7.x-1.x before 7.x-1.7 for Drupal allows remote attackers to obtain sensitive node titles via (1) an autocomplete search on custom entities without an access query tag or (2) leveraging knowledge of the ID of an entity.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Chaos Tool Suite Project Ctools | =7.x-1.0 | |
| Chaos Tool Suite Project Ctools | =7.x-1.1 | |
| Chaos Tool Suite Project Ctools | =7.x-1.2 | |
| Chaos Tool Suite Project Ctools | =7.x-1.3 | |
| Chaos Tool Suite Project Ctools | =7.x-1.4 | |
| Chaos Tool Suite Project Ctools | =7.x-1.5 | |
| Chaos Tool Suite Project Ctools | =7.x-1.6 | |
| Chaos Tool Suite Project Ctools | =7.x-1.6-rc1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/weakness
- agent/references
- agent/author
- agent/severity
- agent/type
- agent/description
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/remedy
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/chaos tool suite project
- canonical/chaos tool suite project ctools
- version/chaos tool suite project ctools/7.x-1.0
- version/chaos tool suite project ctools/7.x-1.1
- version/chaos tool suite project ctools/7.x-1.2
- version/chaos tool suite project ctools/7.x-1.3
- version/chaos tool suite project ctools/7.x-1.4
- version/chaos tool suite project ctools/7.x-1.5
- version/chaos tool suite project ctools/7.x-1.6
- version/chaos tool suite project ctools/7.x-1.6-rc1