The Spaces module 6.x-3.x before 6.x-3.4 for Drupal does not enforce permissions on non-object pages, which allows remote attackers to obtain sensitive information and possibly have other impacts via unspecified vectors to the (1) Spaces or (2) Spaces OG module.
2012-07-18T18:55:03.103
2025-04-11T00:51:21.963
Deferred
CVSSv2: 7.5 (HIGH)
AV:N/AC:L/Au:N/C:P/I:P/A:P
10.0
6.4
Type | Vendor | Product | Version/Range | Vulnerable? |
---|---|---|---|---|
Application | florian_weber | spaces | 6.x-3.0 | Yes |
Application | florian_weber | spaces | 6.x-3.0 | Yes |
Application | florian_weber | spaces | 6.x-3.0 | Yes |
Application | florian_weber | spaces | 6.x-3.0 | Yes |
Application | florian_weber | spaces | 6.x-3.0 | Yes |
Application | florian_weber | spaces | 6.x-3.0 | Yes |
Application | florian_weber | spaces | 6.x-3.0 | Yes |
Application | florian_weber | spaces | 6.x-3.0 | Yes |
Application | florian_weber | spaces | 6.x-3.0 | Yes |
Application | florian_weber | spaces | 6.x-3.0 | Yes |
Application | florian_weber | spaces | 6.x-3.0 | Yes |
Application | florian_weber | spaces | 6.x-3.1 | Yes |
Application | florian_weber | spaces | 6.x-3.2 | Yes |
Application | florian_weber | spaces | 6.x-3.3 | Yes |
Application | drupal | drupal | - | No |