CVE-2009-4520 | Vulnerability Database | Aqua Security

The CCK Comment Reference module 5.x before 5.x-1.2 and 6.x before 6.x-1.3, a module for Drupal, allows remote attackers to bypass intended access restrictions and read comments by using the autocomplete path.

Affected Software

Name	Vendor	Start Version	End Version
Commentreference	Kristof_de_jaeger	*	5.x-1.1 (including)
Commentreference	Kristof_de_jaeger	*	6.x-1.2 (including)
Commentreference	Kristof_de_jaeger	5.x-1.0 (including)	5.x-1.0 (including)
Commentreference	Kristof_de_jaeger	5.x-1.x-dev (including)	5.x-1.x-dev (including)
Commentreference	Kristof_de_jaeger	6.x-1.0 (including)	6.x-1.0 (including)
Commentreference	Kristof_de_jaeger	6.x-1.1 (including)	6.x-1.1 (including)
Commentreference	Kristof_de_jaeger	6.x-1.x-dev (including)	6.x-1.x-dev (including)

References

http://drupal.org/node/617380
http://secunia.com/advisories/37206
http://www.securityfocus.com/bid/36863
http://www.vupen.com/english/advisories/2009/3084

NVD	https://nvd.nist.gov/vuln/detail/CVE-2009-4520
CWE	https://cwe.mitre.org/data/definitions/264.html