CVE-2010-3093

Severity: High

Description

The comment module in Drupal 5.x before 5.23 and 6.x before 6.18 allows remote authenticated users with certain privileges to bypass intended access restrictions and reinstate removed comments via a crafted URL, related to an "unpublishing bypass" issue.

References

http://www.securityfocus.com/bid/42391

http://www.debian.org/security/2010/dsa-2113

http://marc.info/?l=oss-security&m=128440896914512&w=2

http://marc.info/?l=oss-security&m=128418560705305&w=2

http://drupal.org/node/880476

Details

Source: Mitre, NVD

Published: 2010-09-21

Updated: 2010-09-22

Risk Information

CVSS v2

Base Score: 3.5

Vector: CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N

Severity: Low

CVSS v3

Base Score: 8.1

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Severity: High