CVE-2015-7226

The Administration Views module 7.x-1.x before 7.x-1.5 for Drupal checks access permissions based on the router path from the view instead of the display property, which allows remote attackers to obtain sensitive information via vectors related to the access handler.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 56%
VendorProductVersion
administration_views_projectadministration_views
7.x-1.0:x
administration_views_projectadministration_views
7.x-1.0:x
administration_views_projectadministration_views
7.x-1.1:x
administration_views_projectadministration_views
7.x-1.2:x
administration_views_projectadministration_views
7.x-1.3:x
administration_views_projectadministration_views
7.x-1.4:x
administration_views_projectadministration_views
7.x-1.x:x
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://cgit.drupalcode.org/admin_views/commit/?id=44098bb
http://www.securityfocus.com/bid/75697
https://www.drupal.org/node/2529366
https://www.drupal.org/node/2529378
http://cgit.drupalcode.org/admin_views/commit/?id=44098bb
http://www.securityfocus.com/bid/75697
https://www.drupal.org/node/2529366
https://www.drupal.org/node/2529378