CVE-2013-4379
The Make Meeting Scheduler module for Drupal (6.x-1.x, affected prior to 6.x-1.3) allows remote attackers to bypass access restrictions by requesting a poll via the node URL instead of the hashed URL. Root cause: insufficient access validation when a poll is accessed directly through its node URL...