Your submission was sent successfully! Close

CVE-2010-3093

Published: 21 September 2010

The comment module in Drupal 5.x before 5.23 and 6.x before 6.18 allows remote authenticated users with certain privileges to bypass intended access restrictions and reinstate removed comments via a crafted URL, related to an "unpublishing bypass" issue.

Priority

Low

Status

Package Release Status
drupal5
Launchpad, Ubuntu, Debian
Upstream
Released (5.23)
Patches:
Debdiff: https://bugs.launchpad.net/ubuntu/+source/drupal6/+bug/539056
drupal6
Launchpad, Ubuntu, Debian
Upstream
Released (6.18, 6.16-1)
Patches:
Debdiff: https://bugs.launchpad.net/ubuntu/+source/drupal6/+bug/539056