Описание
The core BlogAPI module in Drupal 5.x before 5.11 and 6.x before 6.5 does not properly validate unspecified content fields of an internal Drupal form, which allows remote authenticated users to bypass intended access restrictions via modified field values.
Ссылки
- PatchVendor Advisory
- Third Party Advisory
- Mailing ListThird Party Advisory
- Third Party AdvisoryVDB Entry
- PatchVendor Advisory
- Third Party Advisory
- Mailing ListThird Party Advisory
- Third Party AdvisoryVDB Entry
Уязвимые конфигурации
Одно из
EPSS
6 Medium
CVSS2
Дефекты
Связанные уязвимости
The core BlogAPI module in Drupal 5.x before 5.11 and 6.x before 6.5 does not properly validate unspecified content fields of an internal Drupal form, which allows remote authenticated users to bypass intended access restrictions via modified field values.
The core BlogAPI module in Drupal 5.x before 5.11 and 6.x before 6.5 d ...
The core BlogAPI module in Drupal 5.x before 5.11 and 6.x before 6.5 does not properly validate unspecified content fields of an internal Drupal form, which allows remote authenticated users to bypass intended access restrictions via modified field values.
EPSS
6 Medium
CVSS2