The Ajax Table module 5.x for Drupal does not perform access control, which allows remote attackers to delete arbitrary users and nodes via unspecified vectors.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Ajaxtable | Chris_shattuck | 5.x-1.x-dev (including) | 5.x-1.x-dev (including) |