CVE-2015-7306

CMS Updater 7.x-1.x - Authenticated Improper Access Control

Title source: llm
STIX 2.1

Description

The CMS Updater module 7.x-1.x before 7.x-1.3 for Drupal does not properly check access permissions, which allows remote authenticated users to access and change settings by leveraging the "access administration pages" permission.

References (2)

Core 2
Core References
Patch, Vendor Advisory x_refsource_misc
https://www.drupal.org/node/2569599
Patch x_refsource_confirm
https://www.drupal.org/node/2569111

Scores

EPSS 0.0083
EPSS Percentile 53.0%

Details

CWE
CWE-284
Status published
Products (3)
drupaldise/cms_updater 7.x-1.0
drupaldise/cms_updater 7.x-1.1
drupaldise/cms_updater 7.x-1.2
Published Sep 21, 2015
Tracked Since Feb 18, 2026