The User module in Drupal 6.x before 6.38 and 7.x before 7.43 allows remote attackers to gain privileges by leveraging contributed or custom code that calls the user_save function with an explicit category and loads all roles into the array.
CPE | Name | Operator | Version |
---|---|---|---|
debian_linux | eq | 8.0 | |
debian_linux | eq | 7.0 | |
drupal | eq | 7.0 alpha5 | |
drupal | eq | 7.0 dev | |
drupal | eq | 7.0 alpha7 | |
drupal | eq | 6.0 beta2 | |
drupal | eq | 6.33 | |
drupal | eq | 7.40 | |
drupal | eq | 7.16 | |
drupal | eq | 6.0 rc2 |