4 matches found
CVE-2015-7229
The Twitter module 6.x-5.x before 6.x-5.2, 7.x-5.x before 7.x-5.9, and 7.x-6.x before 7.x-6.0 for Drupal does not properly check access permissions, which allows remote authenticated users to post tweets to arbitrary accounts by leveraging the 1 "post to twitter" permission or change the options...
Code injection
The Twitter module 6.x-5.x before 6.x-5.2, 7.x-5.x before 7.x-5.9, and 7.x-6.x before 7.x-6.0 for Drupal does not properly check access permissions, which allows remote authenticated users to post tweets to arbitrary accounts by leveraging the 1 "post to twitter" permission or change the options...
CVE-2015-7229
The Twitter module 6.x-5.x before 6.x-5.2, 7.x-5.x before 7.x-5.9, and 7.x-6.x before 7.x-6.0 for Drupal does not properly check access permissions, which allows remote authenticated users to post tweets to arbitrary accounts by leveraging the 1 "post to twitter" permission or change the options...
CVE-2015-7229
The Drupal Twitter module vulnerability CVE-2015-7229 affects Drupal sites using the Twitter submodule (6.x-5.x before 6.x-5.2, 7.x-5.x before 7.x-5.9, 7.x-6.x before 7.x-6.0). The root cause is improper access checks, allowing remote authenticated users with the post to twitter, add twitter acco...