Drupal Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-2687)

Description

Drupal 7.x before 7.3 allows remote attackers to bypass intended node_access restrictions via vectors related to a listing that shows nodes but lacks a JOIN clause for the node table.

Remediation

References

CVE-2011-2687

Related Vulnerabilities

WordPress Plugin Coming Soon Page & Maintenance Mode Cross-Site Scripting (1.8.1)

SugarCRM Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-17373)

WordPress Plugin BezahlCode-Generator 'gen_name' Parameter Cross-Site Scripting (1.0)

WordPress Plugin NextGEN Smooth Gallery 'galleryID' Parameter SQL Injection (1.2)

WordPress Plugin Spreadsheet (wpSS) Cross-Site Scripting (0.62)

Severity

High

Classification

CVE-2011-2687 CWE-264