The week_post_page function in the Weekly Archive by Node Type module 6.x before 6.x-2.7 for Drupal does not properly implement node access restrictions when constructing SQL queries, which allows remote attackers to read restricted node listings via unspecified vectors.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Week | Earl_dunovant | 6.x-1.0 | 6.x-1.0 |
Week | Earl_dunovant | 6.x-1.x-dev | 6.x-1.x-dev |
Week | Earl_dunovant | 6.x-2.0 | 6.x-2.0 |
Week | Earl_dunovant | 6.x-2.1 | 6.x-2.1 |
Week | Earl_dunovant | 6.x-2.2 | 6.x-2.2 |
Week | Earl_dunovant | 6.x-2.3 | 6.x-2.3 |
Week | Earl_dunovant | 6.x-2.4 | 6.x-2.4 |
Week | Earl_dunovant | 6.x-2.5 | 6.x-2.5 |
Week | Earl_dunovant | 6.x-2.6 | 6.x-2.6 |
Week | Earl_dunovant | 6.x-2.x-dev | 6.x-2.x-dev |