Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Drupal Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-3093)

Description

The comment module in Drupal 5.x before 5.23 and 6.x before 6.18 allows remote authenticated users with certain privileges to bypass intended access restrictions and reinstate removed comments via a crafted URL, related to an "unpublishing bypass" issue.

Remediation

References

Related Vulnerabilities

XWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-35160)

Ruby on Rails Improper Verification of Intent by Broadcast Receiver Vulnerability (CVE-2026-33173)

WordPress Plugin Tom M8te Directory Traversal (1.5.3)

WordPress Plugin WordPress Backup to Dropbox Information Disclosure (4.7.1)

WordPress Plugin Export any WordPress data to XML/CSV SQL Injection (1.3.4)

Severity

Low

Classification

CVE-2010-3093 CWE-264

Tags

Missing Update Known Vulnerabilities