The Feeds module 7.x-2.x before 7.x-2.0-alpha6 for Drupal, when a field is mapped to the node’s author, does not properly check permissions, which allows remote attackers to create arbitrary nodes via a crafted source feed.
CPE | Name | Operator | Version |
---|---|---|---|
feeds | eq | 7.x-2.0 alpha3 | |
feeds | eq | 7.x-2.0 alpha5 | |
feeds | eq | 7.x-2.0 alpha4 | |
feeds | eq | 7.x-2.0 alpha1 | |
feeds | eq | 7.x-2.0 alpha2 | |
feeds | eq | 7.120.2120 |