CVE-2011-2687
Published: 27 July 2011
Drupal 7.x before 7.3 allows remote attackers to bypass intended node_access restrictions via vectors related to a listing that shows nodes but lacks a JOIN clause for the node table.
Notes
Author | Note |
---|---|
sbeattie | from upstream, only affects drupal7 |
Priority
Status
Package | Release | Status |
---|---|---|
drupal6 Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Not vulnerable
|
|
maverick |
Not vulnerable
|
|
natty |
Not vulnerable
|
|
upstream |
Not vulnerable
|
|
drupal7 Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Does not exist
|
|
maverick |
Does not exist
|
|
natty |
Does not exist
|
|
upstream |
Released
(7.4-1)
|