Node Access User Reference Project : Security Vulnerabilities, CVEs, CVSS score >= 2
The Node access user reference module 6.x-3.x before 6.x-3.5 and 7.x-3.x before 7.x-3.10 for Drupal does not properly restrict access to content containing a user reference field when the author update/delete grants are enabled and the author's user account is deleted, which allows remote attackers to modify the content via unspecified vectors.
Max CVSS
5.8
EPSS Score
0.27%
Published
2013-08-28
Updated
2013-10-07
1 vulnerabilities found