CVE-2009-4515

The Storm module 6.x before 6.x-1.25 for Drupal does not enforce privilege requirements for storminvoiceitem nodes, which allows remote attackers to read node titles via unspecified vectors.

Affected Software

Name	Vendor	Start Version	End Version
Storm	Speedtech	6.x-1.0 (including)	6.x-1.0 (including)
Storm	Speedtech	6.x-1.1 (including)	6.x-1.1 (including)
Storm	Speedtech	6.x-1.2 (including)	6.x-1.2 (including)
Storm	Speedtech	6.x-1.3 (including)	6.x-1.3 (including)
Storm	Speedtech	6.x-1.4 (including)	6.x-1.4 (including)
Storm	Speedtech	6.x-1.5 (including)	6.x-1.5 (including)
Storm	Speedtech	6.x-1.6 (including)	6.x-1.6 (including)
Storm	Speedtech	6.x-1.7 (including)	6.x-1.7 (including)
Storm	Speedtech	6.x-1.8 (including)	6.x-1.8 (including)
Storm	Speedtech	6.x-1.9 (including)	6.x-1.9 (including)
Storm	Speedtech	6.x-1.10 (including)	6.x-1.10 (including)
Storm	Speedtech	6.x-1.11 (including)	6.x-1.11 (including)
Storm	Speedtech	6.x-1.12 (including)	6.x-1.12 (including)
Storm	Speedtech	6.x-1.13 (including)	6.x-1.13 (including)
Storm	Speedtech	6.x-1.14 (including)	6.x-1.14 (including)
Storm	Speedtech	6.x-1.15 (including)	6.x-1.15 (including)
Storm	Speedtech	6.x-1.16 (including)	6.x-1.16 (including)
Storm	Speedtech	6.x-1.17 (including)	6.x-1.17 (including)
Storm	Speedtech	6.x-1.18 (including)	6.x-1.18 (including)
Storm	Speedtech	6.x-1.19 (including)	6.x-1.19 (including)
Storm	Speedtech	6.x-1.20 (including)	6.x-1.20 (including)
Storm	Speedtech	6.x-1.21 (including)	6.x-1.21 (including)
Storm	Speedtech	6.x-1.22 (including)	6.x-1.22 (including)
Storm	Speedtech	6.x-1.23 (including)	6.x-1.23 (including)
Storm	Speedtech	6.x-1.24 (including)	6.x-1.24 (including)
Storm	Speedtech	6.x-1.x-dev (including)	6.x-1.x-dev (including)

NVD	https://nvd.nist.gov/vuln/detail/CVE-2009-4515
CWE	https://cwe.mitre.org/data/definitions/264.html

Affected Software

References