drupal7

2011-07-30

Page content

Author: Miklos Vajna
Vulnerable: 7.4-1nexon1
Unaffected: 7.7-1nexon1

A vulnerability has been reported in Drupal, which can be exploited by malicious users to bypass certain security restrictions. The vulnerability is caused due to the application not properly restricting access to files attached to a comment when access to the comment is restricted, which can be exploited to e.g. download the files.

Bug Tracker URL: http://bugs.frugalware.org/task/4538

CVEs:

No CVE references, see http://drupal.org/node/1231510