A vulnerability has been reported in the Content Translation module for Drupal, which can be exploited by malicious users to bypass certain security restrictions.
The vulnerability is caused due to an unspecified error, which can be exploited to bypass normal viewing access restrictions and e.g. view the content of unpublished nodes without requiring any additional permissions to do so.
Successful exploitation of this vulnerability requires the "translate content" permission.
This vulnerability is reported in Drupal 6.x.
Solution: Update to version 6.9.
Provided and/or discovered by: The vendor credits Wolfgang Ziegler.
Original Advisory: SA-CORE-2009-001:
Do you have additional information related to this advisory?
Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this
information to firstname.lastname@example.org