CVE-2010-1548
The CVE concerns the Chaos Tool Suite (CTools) Drupal module (6.x) prior to 6.x-1.4. The autocomplete functionality does not enforce access restrictions, allowing remote authenticated users with the 'access content' privilege to read the title of unpublished nodes via a query like q=ctools/autoco...