Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Drupal Permissions Privileges and Access Controls Vulnerability - CVE-2016-7570 - Vulnerability Database
Drupal

Drupal Permissions Privileges and Access Controls Vulnerability - CVE-2016-7570

Medium
Reference: CVE-2016-7570
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2016-7570
Title: Drupal Permissions Privileges and Access Controls Vulnerability
Overview:

Drupal 8.x before 8.1.10 does not properly check for quotAdminister commentsquot permission which allows remote authenticated users to set the visibility of comments for arbitrary nodes by leveraging rights to edit those nodes.