Description

The taxonomy module in Drupal 7.x before 7.52 and 8.x before 8.2.3 might allow remote authenticated users to obtain sensitive information about taxonomy terms by leveraging inconsistent naming of access query tags.

Remediation

References

CVE-2016-9449

Related Vulnerabilities

MySQL CVE-2018-2781 Vulnerability (CVE-2018-2781)

Jboss EAP Files or Directories Accessible to External Parties Vulnerability (CVE-2021-3717)

PHP Integer Overflow or Wraparound Vulnerability (CVE-2016-5770)

WordPress Plugin rtMedia for WordPress, BuddyPress and bbPress Cross-Site Scripting (3.7.38)

ownCloud Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-1499)

Severity

Medium

Classification

CVE-2016-9449 CWE-200 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities