Description
Drupal 4.5.0 through 4.5.5 and 4.6.0 through 4.6.3, when running on PHP5, does not correctly enforce user privileges, which allows remote attackers to bypass the "access user profiles" permission.
Remediation
References
Related Vulnerabilities
WordPress Plugin Duplicate Page Multiple Vulnerabilities (2.3)
Squid Improper Encoding or Escaping of Output Vulnerability (CVE-2021-28662)
Apache Tomcat Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-5062)
WordPress Plugin Groundhogg-Marketing Automation & CRM for WordPress Cross-Site Scripting (2.0.8.1)