Description

The comment module in Drupal 5.x before 5.23 and 6.x before 6.18 allows remote authenticated users with certain privileges to bypass intended access restrictions and reinstate removed comments via a crafted URL, related to an "unpublishing bypass" issue.

Remediation

References

CVE-2010-3093

Related Vulnerabilities

WordPress Plugin 301 Redirects-Easy Redirect Manager Security Bypass (2.40)

Moodle Server-Side Request Forgery (SSRF) Vulnerability (CVE-2022-45152)

WordPress Plugin Advanced Shipment Tracking for WooCommerce Security Bypass (3.2.6)

Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-2244)

WordPress Plugin Data Tables Generator by Supsystic Multiple Vulnerabilities (1.9.96)

Severity

Low

Classification

CVE-2010-3093 CWE-264

Tags

Missing Update Known Vulnerabilities