CVE-2010-0752 | Vulnerability Database | Aqua Security

The week_post_page function in the Weekly Archive by Node Type module 6.x before 6.x-2.7 for Drupal does not properly implement node access restrictions when constructing SQL queries, which allows remote attackers to read restricted node listings via unspecified vectors.

Affected Software

Name	Vendor	Start Version	End Version
Week	Earl_dunovant	6.x-1.0 (including)	6.x-1.0 (including)
Week	Earl_dunovant	6.x-1.x-dev (including)	6.x-1.x-dev (including)
Week	Earl_dunovant	6.x-2.0 (including)	6.x-2.0 (including)
Week	Earl_dunovant	6.x-2.1 (including)	6.x-2.1 (including)
Week	Earl_dunovant	6.x-2.2 (including)	6.x-2.2 (including)
Week	Earl_dunovant	6.x-2.3 (including)	6.x-2.3 (including)
Week	Earl_dunovant	6.x-2.4 (including)	6.x-2.4 (including)
Week	Earl_dunovant	6.x-2.5 (including)	6.x-2.5 (including)
Week	Earl_dunovant	6.x-2.6 (including)	6.x-2.6 (including)
Week	Earl_dunovant	6.x-2.x-dev (including)	6.x-2.x-dev (including)

References

http://drupal.org/node/723776
http://drupal.org/node/724286
http://osvdb.org/62565
http://secunia.com/advisories/38717
http://www.securityfocus.com/bid/38397
https://exchange.xforce.ibmcloud.com/vulnerabilities/56504

NVD	https://nvd.nist.gov/vuln/detail/CVE-2010-0752
CWE	https://cwe.mitre.org/data/definitions/264.html