Description
The core BlogAPI module in Drupal 5.x before 5.11 and 6.x before 6.5 does not properly validate unspecified content fields of an internal Drupal form, which allows remote authenticated users to bypass intended access restrictions via modified field values.
Remediation
References
Related Vulnerabilities
WordPress Plugin All-In-One Security (AIOS)-Security and Firewall Cross-Site Scripting (4.4.5)
WordPress Plugin WP Frontend Profile Security Bypass (1.2.1)
Magento Deserialization of Untrusted Data Vulnerability (CVE-2019-8141)
PrestaShop Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2019-13461)
OpenSSL Possible denial of service attack Vulnerability (CVE-2020-1971)