Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Drupal Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-3093)

Description

The comment module in Drupal 5.x before 5.23 and 6.x before 6.18 allows remote authenticated users with certain privileges to bypass intended access restrictions and reinstate removed comments via a crafted URL, related to an "unpublishing bypass" issue.

Remediation

References

Related Vulnerabilities

WordPress Plugin YITH WooCommerce Ajax Product Filter Cross-Site Scripting (3.11.0)

WordPress Plugin WordPress Survey & Poll-Quiz, Survey and Poll PHP Object Injection (1.5.5)

jQuery UI Autocomplete Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-41183)

MySQL CVE-2021-2180 Vulnerability (CVE-2021-2180)

WordPress Plugin MasterStudy LMS-for Online Courses and Education Privilege Escalation (3.3.1)

Severity

Low

Classification

CVE-2010-3093 CWE-264

Tags

Missing Update Known Vulnerabilities