Description
The User module in Drupal 6.x before 6.38 and 7.x before 7.43 allows remote attackers to gain privileges by leveraging contributed or custom code that calls the user_save function with an explicit category and loads all roles into the array.
Remediation
References
Related Vulnerabilities
WordPress Plugin Advanced Forms for ACF Security Bypass (1.6.8)
MySQL CVE-2019-2784 Vulnerability (CVE-2019-2784)
Joomla Improper Input Validation Vulnerability (CVE-2021-23131)
WordPress Plugin Livemesh Addons for Elementor Multiple Cross-Site Scripting Vulnerabilities (6.7.1)
Atlassian Jira Incorrect Default Permissions Vulnerability (CVE-2019-14995)