WEB APPLICATION VULNERABILITIES Standard & Premium

Drupal Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-3093)

Description

The comment module in Drupal 5.x before 5.23 and 6.x before 6.18 allows remote authenticated users with certain privileges to bypass intended access restrictions and reinstate removed comments via a crafted URL, related to an "unpublishing bypass" issue.

Remediation

References

Related Vulnerabilities

WordPress Plugin Bad Behavior Multiple Vulnerabilities (2.2.18)

WordPress Plugin WordPress Social Login Cross-Site Scripting (2.0.3)

PHP Improper Input Validation Vulnerability (CVE-2007-4840)

PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2014-9427)

Moodle Other Vulnerability (CVE-2006-4938)

Severity

Low

Classification

CVE-2010-3093 CWE-264

Tags

Missing Update Known Vulnerabilities