The LoginToboggan module 7.x-1.x prior to 7.x-1.4 for Drupal does not properly unset the authorized user role for certain users, which allows remote attackers with the pre-authorized role to gain privileges and possibly obtain sensitive information by accessing a Page Not Found (404) page.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
logintoboggan project logintoboggan 7.x-1.2 |
||
logintoboggan project logintoboggan 7.x-1.0 |
||
logintoboggan project logintoboggan 7.x-1.1 |
||
logintoboggan project logintoboggan 7.x-1.3 |
||
logintoboggan project logintoboggan 7.x-1.x |