Source: cve@mitre.org
The Send by e-mail sub-module in the Print (aka Printer, e-mail and PDF versions) module 5.x before 5.x-4.9 and 6.x before 6.x-1.9, a module for Drupal, does not properly enforce privilege requirements, which allows remote attackers to read page titles by requesting a "Send to friend" form.
Drupal websites using the Print module are vulnerable to a privilege escalation attack. Attackers can leverage this flaw to read sensitive page titles without proper authorization, potentially leading to information disclosure and further compromise. This vulnerability impacts versions 5.x and 6.x of the Print module.
Step 1: Target Identification: The attacker identifies a Drupal website using a vulnerable version of the Print module (5.x before 5.x-4.9 or 6.x before 6.x-1.9).
Step 2: Requesting the 'Send to Friend' Form: The attacker navigates to a page on the Drupal website and attempts to access the 'Send to friend' functionality, typically by clicking a 'Send by e-mail' or similar link provided by the Print module.
Step 3: Exploiting the Privilege Flaw: The attacker's request bypasses the intended privilege checks. The module, due to the vulnerability, does not verify the attacker's permissions before displaying the page title.
Step 4: Information Disclosure: The attacker successfully receives the page title, which is then displayed or accessible through the 'Send to friend' form, even without proper authorization. This information can be used to gather intelligence about the website's content and structure.
The vulnerability stems from a failure to properly validate user permissions within the 'Send by e-mail' functionality of the Print module. Specifically, the module does not adequately check if a user has the necessary privileges to access and view page titles when requesting the 'Send to friend' form. This allows unauthenticated or low-privilege users to bypass access controls and retrieve information they should not be able to see. The root cause is a missing or inadequate access control check within the module's code, allowing unauthorized access to protected data.
There is no specific APT or malware directly associated with this vulnerability. However, any actor targeting Drupal websites could potentially exploit this vulnerability for reconnaissance and information gathering. CISA KEV status: Not Listed.
Monitor web server logs for requests to the 'Send to friend' functionality of the Print module, especially from unexpected or unauthorized IP addresses.
Analyze HTTP response codes for requests related to the Print module. Look for successful responses (200 OK) when the user should not have access.
Examine Drupal's database for unusual activity related to page title access or modification.
Implement a Web Application Firewall (WAF) to filter malicious requests targeting the Print module.
Use a vulnerability scanner to identify outdated Print module versions.
Upgrade the Print module to version 5.x-4.9 or later, or 6.x-1.9 or later.
Implement a Web Application Firewall (WAF) to filter malicious requests.
Review and enforce strict access control policies within Drupal to restrict access to sensitive information.
Regularly scan the Drupal installation for known vulnerabilities.
Monitor web server logs for suspicious activity related to the Print module.