The Fast Permissions Administration module 6.x-2.x before 6.x-2.5 and 7.x-2.x before 7.x-2.3 for Drupal does not properly restrict access to the modal content callback, which allows remote attackers to obtain unspecified access to the permissions edit form.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Fast_permission_administration | Fast_permissions_administration_project | 6.x-2.0 (including) | 6.x-2.0 (including) |
| Fast_permission_administration | Fast_permissions_administration_project | 6.x-2.1 (including) | 6.x-2.1 (including) |
| Fast_permission_administration | Fast_permissions_administration_project | 6.x-2.2 (including) | 6.x-2.2 (including) |
| Fast_permission_administration | Fast_permissions_administration_project | 6.x-2.3 (including) | 6.x-2.3 (including) |
| Fast_permission_administration | Fast_permissions_administration_project | 6.x-2.4 (including) | 6.x-2.4 (including) |
| Fast_permission_administration | Fast_permissions_administration_project | 6.x-2.x-dev (including) | 6.x-2.x-dev (including) |
| Fast_permission_administration | Fast_permissions_administration_project | 7.x-2.0 (including) | 7.x-2.0 (including) |
| Fast_permission_administration | Fast_permissions_administration_project | 7.x-2.1 (including) | 7.x-2.1 (including) |
| Fast_permission_administration | Fast_permissions_administration_project | 7.x-2.2 (including) | 7.x-2.2 (including) |
| Fast_permission_administration | Fast_permissions_administration_project | 7.x-2.x-dev (including) | 7.x-2.x-dev (including) |