The Quick Tabs module 6.x-2.x before 6.x-2.2, 6.x-3.x before 6.x-3.2, and 7.x-3.x before 7.x-3.6 for Drupal does not properly check block permissions, which allows remote attackers to obtain sensitive information by reading a Quick Tab.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| quick_tabs_module_project | quicktabs | 7.x-3.4 |
| quick_tabs_module_project | quicktabs | 7.x-3.1 |
| quick_tabs_module_project | quicktabs | 7.x-3.x |
| quick_tabs_module_project | quicktabs | 6.x-3.0 |
| quick_tabs_module_project | quicktabs | 7.x-3.0 |
| quick_tabs_module_project | quicktabs | 7.x-3.5 |
| quick_tabs_module_project | quicktabs | 7.x-3.2 |
| quick_tabs_module_project | quicktabs | 6.x-2.x |
| quick_tabs_module_project | quicktabs | 6.x-3.x |
| quick_tabs_module_project | quicktabs | 6.x-3.1 |
| quick_tabs_module_project | quicktabs | 6.x-2.1 |
| quick_tabs_module_project | quicktabs | 6.x-2.0 |
| quick_tabs_module_project | quicktabs | 7.x-3.3 |