WEB APPLICATION VULNERABILITIES Standard & Premium

Drupal Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-3093)

Description

The comment module in Drupal 5.x before 5.23 and 6.x before 6.18 allows remote authenticated users with certain privileges to bypass intended access restrictions and reinstate removed comments via a crafted URL, related to an "unpublishing bypass" issue.

Remediation

References

Related Vulnerabilities

WordPress Plugin Dropshix Security Bypass (4.0.13)

Zope Web Application Server Other Vulnerability (CVE-2000-0062)

Drupal Core 4.6.x Session Fixation (4.6.0 - 4.6.5)

WordPress Plugin Calendar Event Multi View Cross-Site Scripting (1.3.99)

Jenkins Improper Authorization Vulnerability (CVE-2021-21693)

Severity

Low

Classification

CVE-2010-3093 CWE-264

Tags

Missing Update Known Vulnerabilities