Your submission was sent successfully! Close

CVE-2012-2922

Published: 21 May 2012

The request_path function in includes/bootstrap.inc in Drupal 7.14 and earlier allows remote attackers to obtain sensitive information via the q[] parameter to index.php, which reveals the installation path in an error message.

Priority

Negligible

Status

Package Release Status
drupal7
Launchpad, Ubuntu, Debian
artful Not vulnerable
(7.26-1)
hardy Does not exist

lucid Does not exist

natty Does not exist

oneiric Does not exist

precise Does not exist
(precise was needed)
quantal Ignored
(reached end-of-life)
raring Ignored
(reached end-of-life)
saucy Ignored
(reached end-of-life)
trusty Does not exist
(trusty was not-affected [7.26-1])
upstream
Released (7.15)
utopic Not vulnerable
(7.26-1)
vivid Does not exist

wily Not vulnerable
(7.26-1)
xenial Not vulnerable
(7.26-1)
yakkety Not vulnerable
(7.26-1)
zesty Not vulnerable
(7.26-1)