Description
The Node Hierarchy module 5.x before 5.x-1.1 and 6.x before 6.x-1.0 for Drupal does not properly implement access checks, which allows remote attackers with "access content" permissions to bypass restrictions and modify the node hierarchy via unspecified attack vectors.
Remediation
References
Related Vulnerabilities
MySQL CVE-2015-0503 Vulnerability (CVE-2015-0503)
PrestaShop Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2018-19126)
WordPress Plugin Enable Media Replace Arbitrary File Upload (4.0.1)
Moodle URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2019-14882)
Drupal Core 7.x Multiple Security Bypass Vulnerabilities (7.0 - 7.25)