Description
Drupal 7.x before 7.3 allows remote attackers to bypass intended node_access restrictions via vectors related to a listing that shows nodes but lacks a JOIN clause for the node table.
Remediation
References
Related Vulnerabilities
MySQL CVE-2022-39410 Vulnerability (CVE-2022-39410)
Drupal Core 8.9.x Information Disclosure (8.9.0 - 8.9.5)
WordPress Plugin wp-autosuggest SQL Injection (0.24)
Next.js Deserialization of Untrusted Data Vulnerability (CVE-2025-67779)
WordPress Plugin Coupon Tab for DirectoryPress Multiple Cross-Site Scripting Vulnerabilities (0.2.0)