2 matches found
CVE-2015-4389
The CVE concerns the Drupal contributed module Open Graph Importer (og_tag_importer) in the 7.x-1.x line. The root cause is improper enforcement of the create permission on destination content types during import, enabling remote authenticated users with the import_og_tag_importer permission to b...
Open Graph Importer - Moderately Critical - Access bypass - Unsupported - SA-CONTRIB-2015-092
This module enables you to import content from a web page by scraping its Open Graph data. The module doesn't sufficiently check for "create" permission to the content type that is configured as the destination for imported content, thus allowing a user with the "import ogtagimporter" permission ...