WEB APPLICATION VULNERABILITIES Standard & Premium

Drupal Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-3093)

Description

The comment module in Drupal 5.x before 5.23 and 6.x before 6.18 allows remote authenticated users with certain privileges to bypass intended access restrictions and reinstate removed comments via a crafted URL, related to an "unpublishing bypass" issue.

Remediation

References

Related Vulnerabilities

WordPress Plugin Groundhogg-Marketing Automation & CRM for WordPress Remote Code Execution (1.3.4)

MySQL CVE-2020-14846 Vulnerability (CVE-2020-14846)

WordPress Plugin All-in-One Video Gallery Multiple Vulnerabilities (2.6.0)

MySQL CVE-2014-2442 Vulnerability (CVE-2014-2442)

WordPress Plugin Visualizer:Tables and Charts Manager for WordPress Cross-Site Scripting (3.9.1)

Severity

Low

Classification

CVE-2010-3093 CWE-264

Tags

Missing Update Known Vulnerabilities