Description

Drupal 4.5.x before 4.5.8 and 4.6.x before 4.5.8, when menu.module is used to create a menu item, does not implement access control for the page that is referenced, which might allow remote attackers to access administrator pages.

Remediation

References

CVE-2006-1227

Related Vulnerabilities

WordPress Plugin GA Google Analytics Cross-Site Scripting (20210211)

WordPress Plugin Data Tables Generator by Supsystic Multiple Vulnerabilities (1.9.91)

WordPress Plugin Traffic Analyzer Cross-Site Scripting (3.3.2)

WordPress Plugin InstaWP Connect-1-click WP Staging & Migration Security Bypass (0.1.0.8)

WordPress 3.7.1 Multiple Vulnerabilities (3.7 - 3.7.1)

Severity

Medium

Classification

CVE-2006-1227

Tags

Missing Update Known Vulnerabilities