Description
The User module in Drupal 6.x before 6.38 and 7.x before 7.43 allows remote attackers to gain privileges by leveraging contributed or custom code that calls the user_save function with an explicit category and loads all roles into the array.
Remediation
References
Related Vulnerabilities
Django Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-0473)
WordPress Plugin Poll, Survey, Form & Quiz Maker by OpinionStage Unspecified Vulnerability (15.0.0)
WordPress Plugin Content text slider on post Cross-Site Scripting (6.8)
WordPress Plugin Conditional Marketing Mailer for WooCommerce Cross-Site Request Forgery (1.5.2)
Joomla Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-1454)