Back to search
CVE-2012-2704
Published: Aug 31, 2012
Modified: Aug 6, 2024
PUBLISHED
Description
The Advertisement module 6.x-2.x before 6.x-2.3 for Drupal does not properly restrict access to debug information, which allows remote attackers to obtain sensitive site configuration information that is specified by the $conf variable in settings.php.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
http://drupal.org/node/1585544
x_refsource_MISC
http://drupalcode.org/project/ad.git/commitdiff/c2ffab2
x_refsource_CONFIRM
[oss-security] 20120613 Re: CVE Request for Drupal contributed modules
mailing-list
x_refsource_MLIST
advertisement-settings-info-disclosure(75719)
vdb-entry
x_refsource_XF
https://drupal.org/node/1580376
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now