CVE-2012-4488

2012-10-31T16:55:00
ID CVE-2012-4488
Type cve
Reporter cve@mitre.org
Modified 2012-11-02T04:00:00

Description

The Location module 6.x before 6.x-3.2 and 7.x before 7.x-3.0-alpha1 for Drupal does not properly check user or node access permissions, which allows remote attackers to read node or user results via the location search page.