Vulnerability Details CVE-2015-7880
The Entity Registration module 7.x-1.x before 7.x-1.5 for Drupal allows remote attackers to obtain sensitive event registration information by leveraging the "Register other accounts" permission and knowledge of usernames.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 30.6%
CVSS Severity
CVSS v3 Score 4.3
CVSS v2 Score 4.0
References
- http://www.openwall.com/lists/oss-security/2015/10/21/2
- http://www.securityfocus.com/bid/77023
- https://www.drupal.org/node/2582015
- https://www.drupal.org/node/2582283
- http://www.openwall.com/lists/oss-security/2015/10/21/2
- http://www.securityfocus.com/bid/77023
- https://www.drupal.org/node/2582015
- https://www.drupal.org/node/2582283
Products affected by CVE-2015-7880
-
cpe:2.3:a:drupal:drupal:7.x-1.0
-
cpe:2.3:a:drupal:drupal:7.x-1.1
-
cpe:2.3:a:drupal:drupal:7.x-1.2
-
cpe:2.3:a:drupal:drupal:7.x-1.3
-
cpe:2.3:a:drupal:drupal:7.x-1.4