API handling of unpublished comment in Drupal - #VU553
Published: September 20, 2016
Vulnerability identifier: #VU553
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: N/A
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Drupal
Affected software:
Drupal
Detailed vulnerability description
The vulnerability allows a remote user to mail out unpublished comments.
The weakness is caused by an access control error. During the hook_comments API operation, the system does not check the comment's status (published or awaiting approval) before handing it to modules acting on that API, so an unpublished comment can be treated as if it were published.
Successful exploitation results in the publication of comments that have not been approved.
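The defensive pattern a module author would want, shown as an added example rather than code from Drupal core or from this advisory: a hypothetical notification module ("mymodule") that consumes the comment API but verifies the comment's status against the named constants before mailing anything. The hook name and the status constants follow Drupal 5.x; the module name, helper functions and the recipient variable are assumptions.

```php
<?php
// Added example, not Drupal core code. Hypothetical notification module
// that reacts to comment events and refuses to mail out anything that is
// not published. Module name, helpers and mail text are assumptions.

/**
 * Return TRUE only when a comment is published.
 *
 * In Drupal 5.x the published state is COMMENT_PUBLISHED (0) and the
 * unpublished state is COMMENT_NOT_PUBLISHED (1), so a bare truthiness
 * test such as "if ($comment->status)" would select the UNPUBLISHED
 * comments. Compare against the constant explicitly. hook_comment()
 * receives an array for some operations and an object for others, so
 * both shapes are handled. A missing status fails closed.
 */
function mymodule_comment_is_published($comment) {
  if (is_array($comment)) {
    $status = isset($comment['status']) ? (int) $comment['status'] : COMMENT_NOT_PUBLISHED;
  }
  else {
    $status = isset($comment->status) ? (int) $comment->status : COMMENT_NOT_PUBLISHED;
  }
  return $status === COMMENT_PUBLISHED;
}

/**
 * Implementation of hook_comment().
 *
 * The status check happens in the module itself, so the module does not
 * depend on the API having filtered unpublished comments upstream.
 */
function mymodule_comment(&$comment, $op) {
  switch ($op) {
    case 'insert':
    case 'update':
    case 'publish':
      if (!mymodule_comment_is_published($comment)) {
        // Comment is awaiting moderation (or its status is unknown):
        // do not disclose its contents to subscribers.
        watchdog('mymodule', 'Skipped notification for unpublished comment.');
        return;
      }
      mymodule_notify_subscribers($comment);
      break;
  }
}

/**
 * Send the notification. The recipient list comes from a hypothetical
 * module setting; the subject and body are placeholders.
 */
function mymodule_notify_subscribers($comment) {
  $subject = is_array($comment) ? $comment['subject'] : $comment->subject;
  $recipients = variable_get('mymodule_recipients', '');
  if ($recipients !== '') {
    drupal_mail(
      'mymodule-comment',
      $recipients,
      t('New comment: @subject', array('@subject' => $subject)),
      t('A new published comment is available on the site.')
    );
  }
}
```

The point of the helper is the explicit comparison with `COMMENT_PUBLISHED`: because the published state is the zero value in this Drupal generation, the intuitive truthiness check inverts the logic, and a module that relied on the API to pre-filter would have mailed out moderated comments in the affected versions.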
Remediation
Update 4.7.x to 4.7.8.
http://ftp.drupal.org/files/projects/drupal-4.7.8.tar.gz
Update 5.x to 5.3.
http://ftp.drupal.org/files/projects/drupal-5.3.tar.gz