Security bypass in Drupal - #VU588
Published: September 21, 2016
Vulnerability identifier: #VU588
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: N/A
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Drupal
Affected software:
Drupal
Drupal
Detailed vulnerability description
The vulnerability may make the system accessible to all users.
The weakness exists due to improper access control. In case of using menu.module for a menu item creation, a malicious user will be able to obtain any page you point to.
Successfull exploitation of the vulnerability may allow attacker to access the vulnerable system.
The weakness exists due to improper access control. In case of using menu.module for a menu item creation, a malicious user will be able to obtain any page you point to.
Successfull exploitation of the vulnerability may allow attacker to access the vulnerable system.
Remediation
Update 4.5.x to 4.5.8.
Update 4.6.x to 4.6.6.
Update 4.6.x to 4.6.6.