Description
The core BlogAPI module in Drupal 5.x before 5.11 and 6.x before 6.5 does not properly validate unspecified content fields of an internal Drupal form, which allows remote authenticated users to bypass intended access restrictions via modified field values.
Remediation
References
Related Vulnerabilities
Oracle JRE CVE-2013-5848 Vulnerability (CVE-2013-5848)
Ruby on Rails Improper Input Validation Vulnerability (CVE-2008-7248)
WordPress Plugin Download Monitor Unspecified Vulnerability (1.9.6)
PHP Use After Free Vulnerability (CVE-2016-4473)
WordPress Plugin WordPress Download Manager Cross-Site Scripting (2.9.86)