The core BlogAPI module in Drupal 5.x prior to 5.11 and 6.x prior to 6.5 does not properly validate unspecified content fields of an internal Drupal form, which allows remote authenticated users to bypass intended access restrictions via modified field values.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
drupal drupal |