Description
The User module in Drupal 6.x before 6.38 and 7.x before 7.43 allows remote attackers to gain privileges by leveraging contributed or custom code that calls the user_save function with an explicit category and loads all roles into the array.
Remediation
References
Related Vulnerabilities
WordPress Plugin WPGlobus Translate Options Cross-Site Scripting (2.1.0)
WordPress Plugin Theme Editor Arbitrary File Download (2.5)
Joomla! Core 3.x.x Cross-Site Request Forgery (3.0.0 - 3.9.26)
WordPress Plugin Booster for WooCommerce PHP Object Injection (3.0.1)
Oracle Database Server CVE-2007-2118 Vulnerability (CVE-2007-2118)