Drupal Simplenews Module Information Disclosure Vulnerability UPDATED

Summary

The Simplenews module for Drupal is prone to an information-disclosure vulnerability.

Credit:

The original article can be found at: http://www.securityfocus.com/bid/53839
The information has been provided by Laza and Sascha Grossenbacher.


Details

Vulnerable Systems:
 * Drupal Simplenews 7.x-1.x and prior

Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks.

Vendor Status:
Vendor as issued an updated vulnerability.

Patch Availability:
http://drupal.org/node/1619848

CVE Information:
CVE-2012-2724

Disclosure Timeline:
Published:Jun 06 2012
Updated:Aug 07 2012

Categories: News