CVE-2012-1056 Information

Description

The Forward module 6.x-1.x before 6.x-1.21 and 7.x-1.x before 7.x-1.3 for Drupal does not properly enforce permissions for (1) Recent forwards (2) Most forwarded or (3) Dynamic blocks which allows remote attackers to obtain node titles via unspecified vectors.

Reference

http://drupal.org/node/1423722 http://drupal.org/node/1425150 http://osvdb.org/78817 http://secunia.com/advisories/47851 http://www.securityfocus.com/bid/51826 https://exchange.xforce.ibmcloud.com/vulnerabilities/72920