The MultiLink module 6.x-2.x before 6.x-2.7 and 7.x-2.x before 7.x-2.7 for Drupal does not properly check node permissions when generating an in-content link, which allows remote authenticated users with text-editing permissions to read arbitrary node titles via a generated link.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2012-12-26T17:00:00Z
Updated: 2024-09-16T22:56:31.200Z
Reserved: 2012-10-24T00:00:00Z
Link: CVE-2012-5589
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2012-12-26T17:55:02.330
Modified: 2012-12-27T05:00:00.000
Link: CVE-2012-5589
Redhat
No data.