2 matches found
CVE-2015-5499
The Navigate module for Drupal does not properly check permissions, which allows remote authenticated users to modify custom widgets and create widget database records by leveraging the "navigate view" permission...
CVE-2015-5499
The Drupal Navigate module has insufficient permission checks, allowing remote authenticated users to modify custom widgets and create widget records by exploiting the navigate view permission. CVSSv2 base score 4.0 (Medium). No remediation/version details are provided in the supplied documents.