CVE-2015-7226

EUVD-2015-7157
The Administration Views module 7.x-1.x before 7.x-1.5 for Drupal checks access permissions based on the router path from the view instead of the display property, which allows remote attackers to obtain sensitive information via vectors related to the access handler.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 52%
Affected Products (NVD)
VendorProductVersion
administration_views_projectadministration_views
7.x-1.0:x
administration_views_projectadministration_views
7.x-1.0:x
administration_views_projectadministration_views
7.x-1.1:x
administration_views_projectadministration_views
7.x-1.2:x
administration_views_projectadministration_views
7.x-1.3:x
administration_views_projectadministration_views
7.x-1.4:x
administration_views_projectadministration_views
7.x-1.x:x
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://cgit.drupalcode.org/admin_views/commit/?id=44098bb
http://www.securityfocus.com/bid/75697
https://www.drupal.org/node/2529366
https://www.drupal.org/node/2529378
http://cgit.drupalcode.org/admin_views/commit/?id=44098bb
http://www.securityfocus.com/bid/75697
https://www.drupal.org/node/2529366
https://www.drupal.org/node/2529378