Description
Drupal 4.5.0 through 4.5.5 and 4.6.0 through 4.6.3, when running on PHP5, does not correctly enforce user privileges, which allows remote attackers to bypass the "access user profiles" permission.
Remediation
References
Related Vulnerabilities
WordPress Plugin Stop User Enumeration Security Bypass (1.3.18)
WordPress Plugin WP STAGING WordPress Backup-Migration Backup Restore Arbitrary File Upload (3.4.3)
Atlassian Jira Incorrect Authorization Vulnerability (CVE-2020-36287)
Lighttpd Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2008-1111)
WordPress Plugin PWG Random Cross-Site Request Forgery (1.11)