Drupal 4.5.0 up to and including 4.5.5 and 4.6.0 up to and including 4.6.3, when running on PHP5, does not correctly enforce user privileges, which allows remote malicious users to bypass the "access user profiles" permission.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
drupal drupal 4.6 |
||
drupal drupal 4.6.1 |
||
drupal drupal 4.5.2 |
||
drupal drupal 4.5.3 |
||
drupal drupal 4.5.4 |
||
drupal drupal 4.5.5 |
||
drupal drupal 4.5 |
||
drupal drupal 4.5.1 |
||
drupal drupal 4.6.2 |
||
drupal drupal 4.6.3 |