|
|
Subscribe / Log in / New account

drupal7: full path disclosure

Package(s):drupal7 CVE #(s):CVE-2012-2922
Created:June 4, 2012 Updated:November 2, 2012
Description: From the CVE entry:

The request_path function in includes/bootstrap.inc in Drupal 7.14 and earlier allows remote attackers to obtain sensitive information via the q[] parameter to index.php, which reveals the installation path in an error message.

Alerts:
Mandriva MDVSA-2013:074 drupal 2013-04-08
Mageia MGASA-2012-0319 drupal 2012-11-01
Fedora FEDORA-2012-8360 drupal7 2012-06-02
Fedora FEDORA-2012-8362 drupal7 2012-06-02
Fedora FEDORA-2012-8398 drupal7 2012-06-03
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds