2 matches found
CVE-2012-4487
The CVE concerns Drupal’s Subuser module, prior to version 6.x-1.8. The vulnerability arises from insufficient checking of the "switch subuser" permission, enabling remote authenticated parent users to change their role by switching to a subuser they created. Practical impact is a potential privi...
CVE-2012-4486
The CVE-2012-4486 issue affects the Drupal Subuser module prior to 6.x-1.8, where a CSRF flaw could allow remote attackers to hijack another user’s session by switching to a subuser via unspecified vectors. Impact is unauthorized account switching (CSRF) with partial confidentiality/integrity/ava...