1 results (0.000 seconds)

CVSS: 5.8EPSS: 0%CPEs: 10EXPL: 0

The OG Features module 6.x-1.x before 6.x-1.4 for Drupal does not properly override pages that have an access callback set to false, which allows remote attackers to bypass intended access restrictions via a request. El modulo OG Features 6.x-1.x anteriores a 6.x-1.4 para Drupal no invalida páginas que tienen un callback de acceso establecido a false, lo cual permite a atacantes remotos sortear restricciones de acceso a través de una petición. • http://osvdb.org/100611 http://www.securityfocus.com/bid/64134 https://drupal.org/node/2149743 https://drupal.org/node/2149791 https://exchange.xforce.ibmcloud.com/vulnerabilities/89458 • CWE-264: Permissions, Privileges, and Access Controls •