Description

Drupal 7.x before 7.3 allows remote attackers to bypass intended node_access restrictions via vectors related to a listing that shows nodes but lacks a JOIN clause for the node table.

Remediation

References

CVE-2011-2687

Related Vulnerabilities

WordPress Plugin A.M.Y. Cross-Site Scripting (1.3.3)

Oracle Database Server CVE-2006-0260 Vulnerability (CVE-2006-0260)

ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-0304)

PrestaShop Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2023-31672)

TYPO3 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2023-30451)

Severity

High

Classification

CVE-2011-2687 CWE-264

Tags

Missing Update Known Vulnerabilities