Back to search
CVE-2012-2724
Published: Jan 9, 2020
Modified: Aug 6, 2024
PUBLISHED
Description
The Simplenews module 6.x-1.x before 6.x-1.4, 6.x-2.x before 6.x-2.0-alpha4, and 7.x-1.x before 7.x-1.0-rc1 for Drupal reveals the email addresses of new mailing list subscribers when confirmation is required, which allows remote attackers to obtain sensitive information via the confirmation page.
| Vendor | Product | Versions |
|---|---|---|
Simplenews | Simplenews | affected 6.x-1.x before 6.x-1.4affected 6.x-2.x before 6.x-2.0-alpha4affected and 7.x-1.x before 7.x-1.0-rc1 |
References
http://drupal.org/node/1619848
x_refsource_MISC
http://www.openwall.com/lists/oss-security/2012/06/14/3
x_refsource_MISC
http://drupal.org/node/1619812
x_refsource_MISC
http://drupal.org/node/1619818
x_refsource_MISC
http://drupal.org/node/1619820
x_refsource_MISC
http://drupalcode.org/project/simplenews.git/commitdiff/36352c1
x_refsource_MISC
http://drupalcode.org/project/simplenews.git/commitdiff/6d5704c
x_refsource_MISC
http://drupalcode.org/project/simplenews.git/commitdiff/faec6a6
x_refsource_MISC
http://www.securityfocus.com/bid/53839
x_refsource_MISC
https://exchange.xforce.ibmcloud.com/vulnerabilities/76143
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now