Description
Drupal 4.5.0 through 4.5.5 and 4.6.0 through 4.6.3, when running on PHP5, does not correctly enforce user privileges, which allows remote attackers to bypass the "access user profiles" permission.
Remediation
References
Related Vulnerabilities
phpMyAdmin Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-4999)
WordPress 4.0.x Multiple Vulnerabilities (4.0 - 4.0.30)
WordPress Plugin Wbcom Designs-BuddyPress Group Reviews Security Bypass (2.8.3)
WordPress Plugin Ajax Calendar 'example.php' Cross-Site Scripting (1.0)