Description
The core BlogAPI module in Drupal 5.x before 5.11 and 6.x before 6.5 does not properly validate unspecified content fields of an internal Drupal form, which allows remote authenticated users to bypass intended access restrictions via modified field values.
Remediation
References
Related Vulnerabilities
Apache Tomcat Numeric Errors Vulnerability (CVE-2014-0099)
SharePoint CVE-2023-23395 Vulnerability (CVE-2023-23395)
Joomla! Core 3.x.x Security Bypass (3.2.0 - 3.4.4)
Joomla Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-1599)
Sqlite NULL Pointer Dereference Vulnerability (CVE-2019-9937)