Description
Unknown vulnerability in the privilege system in Drupal 4.4.0 through 4.6.0, when public registration is enabled, allows remote attackers to gain privileges, due to an "input check" that "is not implemented properly."
Remediation
References
Related Vulnerabilities
Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-5471)
WordPress Plugin Image Metadata Cruncher Multiple Vulnerabilities (1.8)
WordPress Plugin Events Manager 'events-manager.php' SQL Injection (2.1)
Grafana Insecure Default Initialization of Resource Vulnerability (CVE-2026-33376)