Drupal 7.x before 7.3 allows remote attackers to bypass intended node_access restrictions via vectors related to a listing that shows nodes but lacks a JOIN clause for the node table.
References
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2011-07-27 02:55
Updated : 2024-02-28 11:41
NVD link : CVE-2011-2687
Mitre link : CVE-2011-2687
CVE.ORG link : CVE-2011-2687
JSON object : View
Products Affected
drupal
- drupal
CWE
CWE-264
Permissions, Privileges, and Access Controls