CVE Vulnerabilities

CVE-2011-2687

Published: Jul 27, 2011 | Modified: Sep 03, 2015
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

Drupal 7.x before 7.3 allows remote attackers to bypass intended node_access restrictions via vectors related to a listing that shows nodes but lacks a JOIN clause for the node table.

Affected Software

Name Vendor Start Version End Version
Drupal Drupal 7.0 7.0
Drupal Drupal 7.0 7.0
Drupal Drupal 7.0 7.0
Drupal Drupal 7.0 7.0
Drupal Drupal 7.0 7.0
Drupal Drupal 7.0 7.0
Drupal Drupal 7.0 7.0
Drupal Drupal 7.0 7.0
Drupal Drupal 7.0 7.0
Drupal Drupal 7.0 7.0
Drupal Drupal 7.0 7.0
Drupal Drupal 7.0 7.0
Drupal Drupal 7.0 7.0
Drupal Drupal 7.0 7.0
Drupal Drupal 7.0 7.0
Drupal Drupal 7.1 7.1
Drupal Drupal 7.0 7.0
Drupal Drupal 7.2 7.2

References