2 matches found
CVE-2015-7306
Summary: CVE-2015-7306 affects the Drupal CMS Updater module (7.x-1.x) prior to 7.x-1.3. The vulnerability is a permission check bypass on the settings access page, enabling remote authenticated users to view and modify settings by abusing the "access administration pages" permission. Affected so...
CMS Updater - Moderately Critical - Multiple vulnerabilities - SA-CONTRIB-2015-150
CMS Updater allows to update Drupal core automatically with a subscription service. Access bypass The module does not sufficiently protect the settings page allowing any user with the permission "access administration pages" to change settings. This vulnerability is mitigated by the fact that an...