CVE-2010-0752

The week_post_page function in the Weekly Archive by Node Type module 6.x before 6.x-2.7 for Drupal does not properly implement node access restrictions when constructing SQL queries, which allows remote attackers to read restricted node listings via unspecified vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 68%
VendorProductVersion
earl_dunovantweek
6.x-1.0:x
earl_dunovantweek
6.x-1.x-dev:x
earl_dunovantweek
6.x-2.0:x
earl_dunovantweek
6.x-2.1:x
earl_dunovantweek
6.x-2.2:x
earl_dunovantweek
6.x-2.3:x
earl_dunovantweek
6.x-2.4:x
earl_dunovantweek
6.x-2.5:x
earl_dunovantweek
6.x-2.6:x
earl_dunovantweek
6.x-2.x-dev:x
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://drupal.org/node/723776
http://drupal.org/node/724286
http://osvdb.org/62565
http://secunia.com/advisories/38717
http://www.securityfocus.com/bid/38397
https://exchange.xforce.ibmcloud.com/vulnerabilities/56504
http://drupal.org/node/723776
http://drupal.org/node/724286
http://osvdb.org/62565
http://secunia.com/advisories/38717
http://www.securityfocus.com/bid/38397
https://exchange.xforce.ibmcloud.com/vulnerabilities/56504