Description

The Node Hierarchy module 5.x before 5.x-1.1 and 6.x before 6.x-1.0 for Drupal does not properly implement access checks, which allows remote attackers with "access content" permissions to bypass restrictions and modify the node hierarchy via unspecified attack vectors.

Remediation

References

CVE-2008-2771

Related Vulnerabilities

MySQL CVE-2015-0503 Vulnerability (CVE-2015-0503)

PrestaShop Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2018-19126)

WordPress Plugin Enable Media Replace Arbitrary File Upload (4.0.1)

Moodle URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2019-14882)

Drupal Core 7.x Multiple Security Bypass Vulnerabilities (7.0 - 7.25)

Severity

Medium

Classification

CVE-2008-2771 CWE-264

Tags

Missing Update Known Vulnerabilities