Description
Drupal 6.x before 6.16 and 5.x before 5.22 do not properly block users under certain circumstances. A user who was blocked while holding an open session could keep that session on the Drupal site despite the block.
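The failure mode described above, as an added example that is not part of the original page and is not Drupal's code: a simplified model on a constructed SQLite schema that sets a block routine which leaves sessions alive beside one that destroys them, with a session lookup that re-checks account status. All table, column and function names here are assumptions made for illustration.

```python
import sqlite3

# Constructed, simplified schema for illustration; not Drupal's actual tables.
def make_db():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users (uid INTEGER PRIMARY KEY, name TEXT, status INTEGER);
        CREATE TABLE sessions (sid TEXT PRIMARY KEY, uid INTEGER);
        INSERT INTO users VALUES (1, 'alice', 1), (2, 'bob', 1);
        INSERT INTO sessions VALUES ('sid-alice', 1), ('sid-bob', 2);
    """)
    return db

def block_user_weak(db, uid):
    # Only flips the status flag; existing session rows survive.
    db.execute("UPDATE users SET status = 0 WHERE uid = ?", (uid,))

def block_user_hardened(db, uid):
    # Flip the flag and destroy every open session in one transaction.
    with db:
        db.execute("UPDATE users SET status = 0 WHERE uid = ?", (uid,))
        db.execute("DELETE FROM sessions WHERE uid = ?", (uid,))

def session_user_weak(db, sid):
    # Trusts any session row, so a blocked account stays logged in.
    row = db.execute(
        "SELECT u.name FROM sessions s JOIN users u ON u.uid = s.uid "
        "WHERE s.sid = ?", (sid,)).fetchone()
    return row[0] if row else None

def session_user_hardened(db, sid):
    # Re-checks account status on every request (defence in depth).
    row = db.execute(
        "SELECT u.name FROM sessions s JOIN users u ON u.uid = s.uid "
        "WHERE s.sid = ? AND u.status = 1", (sid,)).fetchone()
    return row[0] if row else None

def stale_sessions(db):
    # Audit query: sessions that still belong to blocked accounts.
    rows = db.execute(
        "SELECT s.sid FROM sessions s JOIN users u ON u.uid = s.uid "
        "WHERE u.status = 0 ORDER BY s.sid").fetchall()
    return [r[0] for r in rows]
```

The audit function is the check to run after blocking accounts on any system with this design: a non-empty result means blocked users still hold usable sessions.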
Remediation
References
Related Vulnerabilities
Drupal Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2007-6752)
PostgreSQL Resource Management Errors Vulnerability (CVE-2012-2655)
Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-3387)
WordPress Plugin All-in-One Event Calendar Multiple Cross-Site Scripting Vulnerabilities (1.5)
WordPress Plugin Shortcode Redirect 'domain' Parameter Cross-Site Scripting (1.0.01)