Strix
26.1K

CVE-2012-2922

UnknownEPSS 3.01%

Last modified

CVE-2012-2922 is a vulnerability of currently unknown severity. The request_path function in includes/bootstrap.inc in Drupal 7.14 and earlier allows remote attackers to obtain sensitive information via the q[] parameter to index.php, which reveals the installation path in an error message.. EPSS estimates a 3.01% chance of exploitation in the next 30 days.

Description

The request_path function in includes/bootstrap.inc in Drupal 7.14 and earlier allows remote attackers to obtain sensitive information via the q[] parameter to index.php, which reveals the installation path in an error message.

Metrics

EPSS Probability
3.01%

85.7th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
DrupalDrupal<= 7.14
DrupalDrupal5.0
DrupalDrupal5.1
DrupalDrupal5.2
DrupalDrupal5.3
DrupalDrupal5.4
DrupalDrupal5.5
DrupalDrupal5.6
DrupalDrupal5.7
DrupalDrupal5.8
DrupalDrupal5.9
DrupalDrupal5.10
DrupalDrupal5.11
DrupalDrupal5.12
DrupalDrupal5.13
DrupalDrupal5.14
DrupalDrupal5.15
DrupalDrupal5.16
DrupalDrupal5.17
DrupalDrupal5.18
DrupalDrupal5.19
DrupalDrupal5.20
DrupalDrupal5.21
DrupalDrupal5.22
DrupalDrupal5.23
DrupalDrupal6.0
DrupalDrupal6.1
DrupalDrupal6.2
DrupalDrupal6.3
DrupalDrupal6.4
DrupalDrupal6.5
DrupalDrupal6.6
DrupalDrupal6.7
DrupalDrupal6.8
DrupalDrupal6.9
DrupalDrupal6.10
DrupalDrupal6.11
DrupalDrupal6.12
DrupalDrupal6.13
DrupalDrupal6.14
DrupalDrupal6.15
DrupalDrupal6.16
DrupalDrupal6.17
DrupalDrupal6.18
DrupalDrupal7.0
DrupalDrupal7.1
DrupalDrupal7.2
DrupalDrupal7.3
DrupalDrupal7.4
DrupalDrupal7.5

Showing 50 of 57 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2012-2922?
The request_path function in includes/bootstrap.inc in Drupal 7.14 and earlier allows remote attackers to obtain sensitive information via the q[] parameter to index.php, which reveals the installation path in an error message.
How severe is CVE-2012-2922?
Severity scoring for CVE-2012-2922 is pending analysis. The EPSS model estimates a 3.01% probability of exploitation in the next 30 days.
How do I fix CVE-2012-2922?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2012-2922?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST