← Back to CVEs
CVE-2015-5502
N/ADescription
The Storage API module 7.x-1.x before 7.x-1.8 for Drupal does not properly restrict access to Storage API fields attached to entities that are not nodes, which allows remote attackers to have unspecified impact via unknown vectors.
CVE Details
CVSS v3.1 ScoreN/A
Published8/18/2015
Last Modified4/12/2025
Sourcenvd
Honeypot Sightings0
Affected Products
storage_api_project:storage_api
Weaknesses (CWE)
CWE-284
References
http://www.openwall.com/lists/oss-security/2015/07/04/4(cve@mitre.org)
http://www.securityfocus.com/bid/74867(cve@mitre.org)
https://www.drupal.org/node/2495895(cve@mitre.org)
https://www.drupal.org/node/2495903(cve@mitre.org)
http://www.openwall.com/lists/oss-security/2015/07/04/4(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/74867(af854a3a-2127-422b-91ae-364da2661108)
https://www.drupal.org/node/2495895(af854a3a-2127-422b-91ae-364da2661108)
https://www.drupal.org/node/2495903(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.