The Site Documentation Drupal module 5.x before 5.x-1.8...
Moderate severity
Unreviewed
Published
May 1, 2022
to the GitHub Advisory Database
•
Updated Jan 31, 2023
Description
Published by the National Vulnerability Database
May 16, 2008
Published to the GitHub Advisory Database
May 1, 2022
Last updated
Jan 31, 2023
The Site Documentation Drupal module 5.x before 5.x-1.8 and 6.x before 6.x-1.1 allows remote authenticated users to gain privileges of other users by leveraging the "access content" permission to list tables and obtain session IDs from the database.
References