CVE-2012-1056

The Forward module 6.x-1.x before 6.x-1.21 and 7.x-1.x before 7.x-1.3 for Drupal does not properly enforce permissions for (1) Recent forwards, (2) Most forwarded, or (3) Dynamic blocks, which allows remote attackers to obtain node titles via unspecified vectors.

Date published : 2012-02-13

http://www.securityfocus.com/bid/51826

http://drupal.org/node/1423722