|
|
CVE Reference: CVE-2007-5597 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2007-5597 |
|
|
Description: The hook_comments API in Drupal 4.7.x before 4.7.8 and 5.x before 5.3 does not pass publication status, which might allow attackers to bypass access restrictions and trigger e-mail with unpublished comments from some modules, as demonstrated by (1) Organic groups and (2) Subscriptions. |
|
|
CVE Status: Candidate |
|
|
References: XF http://xforce.iss.net/xforce/xfdb/37296 SAID Secunia Advisory: SA27292 Secunia Advisory: SA27352 FEDORA CONFIRM http://drupal.org/node/184354 BID 26119 |
|
| Return to the previous page. |
