4 matches found
CVE-2013-7065
The Organic Groups OG module 7.x-2.x before 7.x-2.3 for Drupal allows remote attackers to bypass access restrictions and post to arbitrary groups via a group audience field, as demonstrated by the oggroupref field...
CVE-2013-7065
The Organic Groups OG module 7.x-2.x before 7.x-2.3 for Drupal allows remote attackers to bypass access restrictions and post to arbitrary groups via a group audience field, as demonstrated by the oggroupref field...
CVE-2013-7065
The CVE concerns the Drupal Organic Groups (OG) module for Drupal 7.x-2.x, specifically versions prior to 7.x-2.3. The vulnerability allows remote attackers to bypass access restrictions and post to arbitrary groups using the og_group_ref field, enabling group-wide content posting beyond intended...
SA-CONTRIB-2013-095 - Organic Groups - Access bypass
Two issues exist within entity references and permissions relating to OG, allowing users potential access bypass. Posting content into groups where a user is not a member Organic Groups does not sufficiently check the group audience fields e.g. oggroupref field from being populated with invalid...