CVE-2008-2771
Drupal Node Hierarchy Module - Unauthenticated Node Hierarchy Modification via Access Check Bypass
Title source: llmDescription
The Node Hierarchy module 5.x before 5.x-1.1 and 6.x before 6.x-1.0 for Drupal does not properly implement access checks, which allows remote attackers with "access content" permissions to bypass restrictions and modify the node hierarchy via unspecified attack vectors.
References (4)
Core 4
Core References
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/30622
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/43006
Patch x_refsource_confirm
http://drupal.org/node/269473
Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/29675
Scores
EPSS
0.0020
EPSS Percentile
41.8%
Details
CWE
CWE-264
Status
published
Products (4)
drupal/drupal
5.0
drupal/drupal
6.0
drupal/node_hierarchy_module
5
drupal/node_hierarchy_module
6
Published
Jun 18, 2008
Tracked Since
Feb 18, 2026