CVE-2010-3093

Drupal 5.x < 5.23 and 6.x < 6.18 - Authenticated Comment Reinstatement via Crafted URL


Description

The comment module in Drupal 5.x before 5.23 and 6.x before 6.18 allows remote authenticated users with certain privileges to bypass intended access restrictions and reinstate removed comments via a crafted URL, related to an "unpublishing bypass" issue.

References (5)

Core References
Third Party Advisory (vendor-advisory, x_refsource_debian): http://www.debian.org/security/2010/dsa-2113
Mailing List (mailing-list, x_refsource_mlist): http://marc.info/?l=oss-security&m=128440896914512&w=2
Patch, Vendor Advisory (x_refsource_confirm): http://drupal.org/node/880476
Mailing List (mailing-list, x_refsource_mlist): http://marc.info/?l=oss-security&m=128418560705305&w=2
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_bid): http://www.securityfocus.com/bid/42391

Scores

EPSS 0.0025
EPSS Percentile 48.1%

Details

CWE CWE-264
Status published
Products (36)
drupal/drupal 5.0 (6 CPE variants)
drupal/drupal 5.1
drupal/drupal 5.2
drupal/drupal 5.3
drupal/drupal 5.4
drupal/drupal 5.5
drupal/drupal 5.6
drupal/drupal 5.7
drupal/drupal 5.8
drupal/drupal 5.9
... and 26 more
Published Sep 21, 2010
Tracked Since Feb 18, 2026