Drupal Announcements Module Access Bypass Vulnerability

The Announcements module for Drupal is prone to an access-bypass vulnerability.

An attacker can exploit this issue to bypass certain security restrictions and gain access to sensitive areas of application to perform unauthorized actions; this may aid in launching further attacks.

Announcements 6.x-1.x versions prior to 6.x-1.5 are vulnerable.


 

Privacy Statement
Copyright 2010, SecurityFocus