The week_post_page function in the Weekly Archive by Node Type module 6.x before 6.x-2.7 for Drupal does not properly implement node access restrictions when constructing SQL queries, which allows remote attackers to read restricted node listings via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| earl_dunovant | week | 6.x-2.4 |
| earl_dunovant | week | 6.x-2.2 |
| earl_dunovant | week | 6.x-2.3 |
| earl_dunovant | week | 6.x-2.1 |
| earl_dunovant | week | 6.x-2.6 |
| earl_dunovant | week | 6.x-2.5 |
| earl_dunovant | week | 6.x-1.x-dev |
| earl_dunovant | week | 6.x-2.x-dev |
| earl_dunovant | week | 6.x-2.0 |
| earl_dunovant | week | 6.x-1.0 |