The menu system in Drupal 6 prior to 6.2 has incorrect menu settings, which allows remote malicious users to (1) edit the profile pages of arbitrary users, and obtain sensitive information from (2) tracker and (3) blog pages, related to a missing check for the "access content" permission; and (4) allows remote authenticated users, with administration page view access, to edit content types.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
drupal drupal |