Description
Drupal Core is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently access pages corresponding to newly created menu items. Drupal Core versions 4.6.x ranging from 4.6.0 and up to and including 4.6.5 are vulnerable.
Remediation
Update to Drupal Core version 4.6.6 or latest
References
Related Vulnerabilities
WordPress Plugin Abandoned Cart Lite for WooCommerce Cross-Site Scripting (5.1.3)
Piwigo Exposure of Resource to Wrong Sphere Vulnerability (CVE-2022-26267)
WordPress Plugin Users to CSV Cross-Site Request Forgery (1.4.5)
Oracle JRE CVE-2017-10345 Vulnerability (CVE-2017-10345)
Oracle Application Server Other Vulnerability (CVE-2007-0286)