The Send by e-mail sub-module in the Print (aka Printer, e-mail and PDF versions) module 5.x before 5.x-4.9 and 6.x before 6.x-1.9, a module for Drupal, does not properly enforce privilege requirements, which allows remote attackers to read page titles by requesting a "Send to friend" form.
Drupal websites using the Print module are vulnerable to a privilege escalation attack. Attackers can leverage this vulnerability to read sensitive page titles without proper authorization, potentially leading to information disclosure and further compromise. This vulnerability impacts versions 5.x and 6.x of the Print module.
Step 1: Identify Vulnerable Website: The attacker identifies a Drupal website using the Print module, specifically versions 5.x before 5.x-4.9 or 6.x before 6.x-1.9.
Step 2: Access the 'Send to Friend' Form: The attacker navigates to a page on the website and attempts to access the 'Send to friend' form provided by the Print module.
Step 3: Trigger the Vulnerability: The attacker interacts with the 'Send to friend' form, potentially by submitting it or simply accessing the form's functionality.
Step 4: Information Disclosure: Due to the lack of proper privilege checks, the attacker is able to retrieve the page title, which is then displayed or accessible through the form's response or behavior.
The vulnerability stems from a flaw in the Send by e-mail sub-module of the Print module. Specifically, the module fails to adequately check user permissions when handling requests to the 'Send to friend' form. This allows unauthenticated or low-privilege users to access and retrieve page titles, which are typically only accessible to authorized users. The root cause is a missing or improperly implemented access control check within the code that processes the email sending functionality. This lack of proper authorization allows any user to trigger the function and retrieve the page title.