CVE-2010-0752

EUVD-2010-0778
The week_post_page function in the Weekly Archive by Node Type module 6.x before 6.x-2.7 for Drupal does not properly implement node access restrictions when constructing SQL queries, which allows remote attackers to read restricted node listings via unspecified vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 68%
Affected Products (NVD)
VendorProductVersion
earl_dunovantweek
6.x-1.0:x
earl_dunovantweek
6.x-1.x-dev:x
earl_dunovantweek
6.x-2.0:x
earl_dunovantweek
6.x-2.1:x
earl_dunovantweek
6.x-2.2:x
earl_dunovantweek
6.x-2.3:x
earl_dunovantweek
6.x-2.4:x
earl_dunovantweek
6.x-2.5:x
earl_dunovantweek
6.x-2.6:x
earl_dunovantweek
6.x-2.x-dev:x
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://drupal.org/node/723776
http://drupal.org/node/724286
http://osvdb.org/62565
http://secunia.com/advisories/38717
http://www.securityfocus.com/bid/38397
https://exchange.xforce.ibmcloud.com/vulnerabilities/56504
http://drupal.org/node/723776
http://drupal.org/node/724286
http://osvdb.org/62565
http://secunia.com/advisories/38717
http://www.securityfocus.com/bid/38397
https://exchange.xforce.ibmcloud.com/vulnerabilities/56504