2 matches found
CVE-2010-2473
Drupal 6.x before 6.16 and 5.x before version 5.22 does not properly block users under certain circumstances. A user with an open session that was blocked could maintain their session on the Drupal site despite being blocked...
CVE-2010-2473
Drupal 6.x before 6.16 and Drupal 5.x before 5.22 allow a user with an open session that has been blocked to continue an active session on the site. This is caused by insufficient blocking logic, enabling the blocked user to maintain access despite enforcement of a block. The issue is documented ...