Description
Drupal 7.x before 7.3 allows remote attackers to bypass intended node_access restrictions via vectors related to a listing that shows nodes but lacks a JOIN clause for the node table.
Remediation
References
Related Vulnerabilities
Apache HTTP Server Other Vulnerability (CVE-2004-0492)
Nginx Out-of-bounds Write Vulnerability (CVE-2022-41741)
MySQL CVE-2018-2769 Vulnerability (CVE-2018-2769)
MySQL CVE-2016-5444 Vulnerability (CVE-2016-5444)
WordPress Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2017-8295)