CVE-2011-2687
published 2011-07-27CVE-2011-2687: Drupal 7.x before 7.3 allows remote attackers to bypass intended node_access restrictions via vectors related to a listing that shows nodes but lacks a JOIN…
PriorityP342high7.5CVSS 2.0
AVNACLAuNCPIPAP
EPSS
3.06%
85.9th percentile
Drupal 7.x before 7.3 allows remote attackers to bypass intended node_access restrictions via vectors related to a listing that shows nodes but lacks a JOIN clause for the node table.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| drupal | core | >= 7.0 < 7.3 | 7.3 |
| drupal | drupal | — | — |
| drupal | drupal | — | — |
| drupal | drupal | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
Drupal Access Control Bypass
osv·2022-05-17
CVE-2011-2687 [HIGH] Drupal Access Control Bypass
Drupal Access Control Bypass
Drupal 7.x before 7.3 allows remote attackers to bypass intended `node_access` restrictions via vectors related to a listing that shows nodes but lacks a JOIN clause for the node table.
GHSA
Drupal Access Control Bypass
ghsa·2022-05-17
CVE-2011-2687 [HIGH] CWE-284 Drupal Access Control Bypass
Drupal Access Control Bypass
Drupal 7.x before 7.3 allows remote attackers to bypass intended `node_access` restrictions via vectors related to a listing that shows nodes but lacks a JOIN clause for the node table.
No detection rules found.
No public exploits indexed.
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=633385http://drupal.org/node/1204582http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062714.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2011-July/062722.htmlhttp://secunia.com/advisories/45081http://secunia.com/advisories/45291http://www.openwall.com/lists/oss-security/2011/07/11/2http://www.openwall.com/lists/oss-security/2011/07/12/16http://www.securityfocus.com/bid/48505https://bugzilla.redhat.com/show_bug.cgi?id=717874http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=633385http://drupal.org/node/1204582http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062714.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2011-July/062722.htmlhttp://secunia.com/advisories/45081http://secunia.com/advisories/45291http://www.openwall.com/lists/oss-security/2011/07/11/2http://www.openwall.com/lists/oss-security/2011/07/12/16http://www.securityfocus.com/bid/48505https://bugzilla.redhat.com/show_bug.cgi?id=717874
2011-07-27
Published