CVE-2007-3690

high

Description

The Forward module before 4.7-1.1 and 5.x before 5.x-1.0 for Drupal allows remote attackers to read restricted posts in (1) Organic Groups, (2) Taxonomy Access Control, (3) Taxonomy Access Lite, and other unspecified node access modules, via modified URL arguments.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/35318

http://www.vupen.com/english/advisories/2007/2469

http://www.securityfocus.com/bid/24862

http://secunia.com/advisories/25999

http://osvdb.org/37896

http://drupal.org/node/158025

http://drupal.org/node/158022

http://drupal.org/node/152806

Details

Source: Mitre, NVD

Published: 2007-07-11

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N

Severity: High

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High

EPSS

EPSS: 0.00666