CVE-2011-2687

CWE-264CWE-284Improper Access Control5 documents5 sources
Severity
7.5HIGH
EPSS
0.8%
top 26.41%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Drupal CoreDrupal Drupal
Timeline
PublishedJul 27
Latest updateMay 17

Description

Drupal 7.x before 7.3 allows remote attackers to bypass intended node_access restrictions via vectors related to a listing that shows nodes but lacks a JOIN clause for the node table.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

Packagistdrupal/core7.07.3
NVDdrupal/drupal7.0, 7.1, 7.2+2

Patches

Patch: drupal.orgPatch: drupal.org

🔴Vulnerability Details

3
OSV
Drupal Access Control Bypass2022-05-17
GHSA
Drupal Access Control Bypass2022-05-17
CVEList
CVE-2011-2687: Drupal 72011-07-27

💬Community

1
Bugzilla
CVE-2011-2687 Remote access bypass vulnerability in Drupal 72011-06-30
CVE-2011-2687 (HIGH CVSS 7.5) | Drupal 7.x before 7.3 allows remote | cvebase.io