Description
The User module in Drupal 6.x before 6.38 and 7.x before 7.43 allows remote attackers to gain privileges by leveraging contributed or custom code that calls the user_save function with an explicit category and loads all roles into the array.
Remediation
References
Related Vulnerabilities
WordPress Plugin Favicon by RealFaviconGenerator Cross-Site Scripting (1.2.12)
WordPress Plugin WP Editor Arbitrary File Upload (1.2.5.3)
MySQL CVE-2016-0662 Vulnerability (CVE-2016-0662)
MySQL CVE-2020-14702 Vulnerability (CVE-2020-14702)
WordPress Plugin Anti Spam Protection without CAPTCHA powered by Keypic Security Bypass (2.1.2)