CVE-2012-5557
The vulnerability CVE-2012-5557 affects the Drupal module User Read-Only (versions 6.x-1.x up to 6.x-1.4 and 7.x-1.x up to 7.x-1.4). The root cause is improper role assignment when more than three roles are configured, which could allow remote authenticated users to escalate privileges (demonstra...