Security Advisory

CVE-2010-1548

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2010-05-21 20:00:00

Last updated 2024-08-07 01:28:41

Assigner mitre

State PUBLISHED

Description

The auto-complete functionality in the Chaos Tool Suite (aka CTools) module 6.x before 6.x-1.4 for Drupal does not follow access restrictions, which allows remote authenticated users, with "access content" privileges, to read the title of an unpublished node via a q=ctools/autocomplete/node/ value accompanied by the first character of the nodes title.

← Browse all CVEs View on cve.org ↗