Description
Drupal 6.x before 6.16 and 5.x before 5.22 do not properly block users under certain circumstances. A user who had an open session at the time they were blocked could keep that session on the Drupal site despite being blocked.
Remediation
References
Related Vulnerabilities
Citrix ADC NetScaler Local File Inclusion (CVE-2020-8193)
Apache HTTP Server Improper Input Validation Vulnerability (CVE-2011-3368)
WordPress Plugin WP Editor Multiple Vulnerabilities (1.2.5.3)
Plone CMS Improper Input Validation Vulnerability (CVE-2011-4462)
Magento Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2019-7888)