The Forward module 6.x-1.x before 6.x-1.21 and 7.x-1.x before 7.x-1.3 for Drupal does not properly enforce permissions for (1) Recent forwards, (2) Most forwarded, or (3) Dynamic blocks, which allows remote attackers to obtain node titles via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sean_robertson | forward | 6.x-1.4 |
| sean_robertson | forward | 6.x-1.1 |
| sean_robertson | forward | 6.x-1.14 |
| sean_robertson | forward | 6.x-1.3 |
| sean_robertson | forward | 6.x-1.10 |
| sean_robertson | forward | 6.x-1.20 |
| sean_robertson | forward | 6.x-1.5 |
| sean_robertson | forward | 6.x-1.8 |
| sean_robertson | forward | 7.x-1.0 |
| sean_robertson | forward | 6.x-1.11 |
| sean_robertson | forward | 6.x-1.x-dev |
| sean_robertson | forward | 6.x-1.17 |
| sean_robertson | forward | 7.x-1.1 |
| sean_robertson | forward | 6.x-1.2 |
| sean_robertson | forward | 7.x-1.2 |
| sean_robertson | forward | 6.x-1.15 |
| sean_robertson | forward | 6.x-1.13 |
| sean_robertson | forward | 6.x-1.19 |
| sean_robertson | forward | 7.x-1.x-dev |
| sean_robertson | forward | 6.x-1.18 |
| sean_robertson | forward | 6.x-1.7 |
| sean_robertson | forward | 6.x-1.6 |
| sean_robertson | forward | 6.x-1.0 |
| sean_robertson | forward | 6.x-1.12 |
| sean_robertson | forward | 6.x-1.16 |
| sean_robertson | forward | 6.x-1.9 |
Cross-site request forgery (CSRF) vulnerability in the clickthrough tracking functionality in the Forward module 6.x-1.x before 6.x-1.21 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of administrators for requests that increase node rankings via the tracking code, possibly related to improper "flood control."
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-352,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sean_robertson | forward | 6.x-1.4 |
| sean_robertson | forward | 6.x-1.1 |
| sean_robertson | forward | 6.x-1.14 |
| sean_robertson | forward | 6.x-1.3 |
| sean_robertson | forward | 6.x-1.10 |
| sean_robertson | forward | 6.x-1.20 |
| sean_robertson | forward | 6.x-1.5 |
| sean_robertson | forward | 6.x-1.8 |
| sean_robertson | forward | 7.x-1.0 |
| sean_robertson | forward | 6.x-1.11 |
| sean_robertson | forward | 6.x-1.x-dev |
| sean_robertson | forward | 6.x-1.17 |
| sean_robertson | forward | 7.x-1.1 |
| sean_robertson | forward | 6.x-1.2 |
| sean_robertson | forward | 7.x-1.2 |
| sean_robertson | forward | 6.x-1.15 |
| sean_robertson | forward | 6.x-1.13 |
| sean_robertson | forward | 6.x-1.19 |
| sean_robertson | forward | 7.x-1.x-dev |
| sean_robertson | forward | 6.x-1.18 |
| sean_robertson | forward | 6.x-1.7 |
| sean_robertson | forward | 6.x-1.6 |
| sean_robertson | forward | 6.x-1.0 |
| sean_robertson | forward | 6.x-1.12 |
| sean_robertson | forward | 6.x-1.16 |
| sean_robertson | forward | 6.x-1.9 |