Vulnerability Details : CVE-2010-0752
The week_post_page function in the Weekly Archive by Node Type module 6.x before 6.x-2.7 for Drupal does not properly implement node access restrictions when constructing SQL queries, which allows remote attackers to read restricted node listings via unspecified vectors.
Exploit prediction scoring system (EPSS) score for CVE-2010-0752
Probability of exploitation activity in the next 30 days: 0.55%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 74 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2010-0752
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST |
CWE ids for CVE-2010-0752
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-0752
-
http://drupal.org/node/723776
week 6.x-2.7 | Drupal.orgPatch
-
http://drupal.org/node/724286
SA-CONTRIB-2010-019 - Weekly Archive by Node Type - Access Bypass | Drupal.orgPatch;Vendor Advisory
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/56504
Weekly Archive by Node Type module for Drupal information disclosure CVE-2010-0752 Vulnerability Report
-
http://www.securityfocus.com/bid/38397
Weekly Archive by Node Type Module Weekly Summary Security Bypass Vulnerability
Products affected by CVE-2010-0752
- cpe:2.3:a:earl_dunovant:week:6.x-2.6:*:*:*:*:*:*:*
- cpe:2.3:a:earl_dunovant:week:6.x-1.0:*:*:*:*:*:*:*
- cpe:2.3:a:earl_dunovant:week:6.x-1.x-dev:*:*:*:*:*:*:*
- cpe:2.3:a:earl_dunovant:week:6.x-2.5:*:*:*:*:*:*:*
- cpe:2.3:a:earl_dunovant:week:6.x-2.4:*:*:*:*:*:*:*
- cpe:2.3:a:earl_dunovant:week:6.x-2.3:*:*:*:*:*:*:*
- cpe:2.3:a:earl_dunovant:week:6.x-2.2:*:*:*:*:*:*:*
- cpe:2.3:a:earl_dunovant:week:6.x-2.1:*:*:*:*:*:*:*
- cpe:2.3:a:earl_dunovant:week:6.x-2.0:*:*:*:*:*:*:*
- cpe:2.3:a:earl_dunovant:week:6.x-2.x-dev:*:*:*:*:*:*:*