The Location module 6.x before 6.x-3.2 and 7.x before 7.x-3.0-alpha1 for Drupal does not properly check user or node access permissions, which allows remote attackers to read node or user results via the location search page.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Location | Location_module_project | 6.x-3.0 | 6.x-3.0 |
Location | Location_module_project | 6.x-3.0 | 6.x-3.0 |
Location | Location_module_project | 6.x-3.0 | 6.x-3.0 |
Location | Location_module_project | 6.x-3.0 | 6.x-3.0 |
Location | Location_module_project | 6.x-3.1 | 6.x-3.1 |
Location | Location_module_project | 6.x-3.1 | 6.x-3.1 |
Location | Location_module_project | 6.x-3.x | 6.x-3.x |
Location | Location_module_project | 7.x-1.0 | 7.x-1.0 |
Location | Location_module_project | 7.x-3.x | 7.x-3.x |
Location | Location_module_project | 7.x-4.x | 7.x-4.x |
Location | Location_module_project | 7.x-5.x | 7.x-5.x |