Unrated severityNVD Advisory· Published Jul 18, 2012· Updated Apr 29, 2026
CVE-2012-2303
CVE-2012-2303
Description
The Spaces module 6.x-3.x before 6.x-3.4 for Drupal does not enforce permissions on non-object pages, which allows remote attackers to obtain sensitive information and possibly have other impacts via unspecified vectors to the (1) Spaces or (2) Spaces OG module.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
15cpe:2.3:a:florian_weber:spaces:6.x-3.0:*:*:*:*:*:*:*+ 14 more
- cpe:2.3:a:florian_weber:spaces:6.x-3.0:*:*:*:*:*:*:*
- cpe:2.3:a:florian_weber:spaces:6.x-3.0:alpha1:*:*:*:*:*:*
- cpe:2.3:a:florian_weber:spaces:6.x-3.0:alpha2:*:*:*:*:*:*
- cpe:2.3:a:florian_weber:spaces:6.x-3.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:florian_weber:spaces:6.x-3.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:florian_weber:spaces:6.x-3.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:florian_weber:spaces:6.x-3.0:beta4:*:*:*:*:*:*
- cpe:2.3:a:florian_weber:spaces:6.x-3.0:beta5:*:*:*:*:*:*
- cpe:2.3:a:florian_weber:spaces:6.x-3.0:beta6:*:*:*:*:*:*
- cpe:2.3:a:florian_weber:spaces:6.x-3.0:r1:*:*:*:*:*:*
- cpe:2.3:a:florian_weber:spaces:6.x-3.0:r2:*:*:*:*:*:*
- cpe:2.3:a:florian_weber:spaces:6.x-3.1:*:*:*:*:*:*:*
- cpe:2.3:a:florian_weber:spaces:6.x-3.2:*:*:*:*:*:*:*
- cpe:2.3:a:florian_weber:spaces:6.x-3.3:*:*:*:*:*:*:*
- (no CPE)range: >=6.x-3.0, <6.x-3.4
Patches
Vulnerability mechanics
References
8- drupal.org/node/1547730nvdPatch
- drupal.org/node/1547736nvdPatch
- drupalcode.org/project/spaces.git/commitdiff/cee919cnvdExploitPatch
- secunia.com/advisories/48930nvdVendor Advisory
- www.openwall.com/lists/oss-security/2012/05/03/1nvd
- www.openwall.com/lists/oss-security/2012/05/03/2nvd
- www.osvdb.org/81556nvd
- www.securityfocus.com/bid/53252nvd
News mentions
0No linked articles in our index yet.