Unrated severityNVD Advisory· Published Jul 19, 2014· Updated May 6, 2026
CVE-2013-7391
CVE-2013-7391
Description
The Entity API module 7.x-1.x before 7.x-1.2 for Drupal, when using the (a) Views field or (b) area plugins, allows remote attackers to read restricted entities via the (1) field, (2) header, or (3) footer of a View. NOTE: this identifier was SPLIT from CVE-2013-4273 per ADT5 due to different researcher organizations.
Affected products
16cpe:2.3:a:entity_api_project:entity_api:7.x-1.0:beta10:*:*:*:drupal:*:*+ 15 more
- cpe:2.3:a:entity_api_project:entity_api:7.x-1.0:beta10:*:*:*:drupal:*:*
- cpe:2.3:a:entity_api_project:entity_api:7.x-1.0:beta11:*:*:*:drupal:*:*
- cpe:2.3:a:entity_api_project:entity_api:7.x-1.0:beta1:*:*:*:drupal:*:*
- cpe:2.3:a:entity_api_project:entity_api:7.x-1.0:beta2:*:*:*:drupal:*:*
- cpe:2.3:a:entity_api_project:entity_api:7.x-1.0:beta3:*:*:*:drupal:*:*
- cpe:2.3:a:entity_api_project:entity_api:7.x-1.0:beta4:*:*:*:drupal:*:*
- cpe:2.3:a:entity_api_project:entity_api:7.x-1.0:beta5:*:*:*:drupal:*:*
- cpe:2.3:a:entity_api_project:entity_api:7.x-1.0:beta6:*:*:*:drupal:*:*
- cpe:2.3:a:entity_api_project:entity_api:7.x-1.0:beta7:*:*:*:drupal:*:*
- cpe:2.3:a:entity_api_project:entity_api:7.x-1.0:beta8:*:*:*:drupal:*:*
- cpe:2.3:a:entity_api_project:entity_api:7.x-1.0:beta9:*:*:*:drupal:*:*
- cpe:2.3:a:entity_api_project:entity_api:7.x-1.0:*:*:*:*:drupal:*:*
- cpe:2.3:a:entity_api_project:entity_api:7.x-1.0:rc1:*:*:*:drupal:*:*
- cpe:2.3:a:entity_api_project:entity_api:7.x-1.0:rc2:*:*:*:drupal:*:*
- cpe:2.3:a:entity_api_project:entity_api:7.x-1.0:rc3:*:*:*:drupal:*:*
- cpe:2.3:a:entity_api_project:entity_api:*:*:*:*:*:drupal:*:*range: <=7.x-1.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- drupal.org/node/2065197nvdPatch
- drupal.org/node/2065207nvdPatchVendor Advisory
- www.openwall.com/lists/oss-security/2013/08/22/2nvd
News mentions
0No linked articles in our index yet.