RSS   Vulnerabilities for 'Organic groups'   RSS

2020-02-18
 
CVE-2013-4228

CWE-863
 

 
The OG access fields (visibility fields) implementation in Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal does not properly restrict access to private groups, which allows remote authenticated users to guess node IDs, subscribe to, and read the content of arbitrary private groups via unspecified vectors.

 
2014-04-29
 
CVE-2013-7068

CWE-264
 

 
The Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users to bypass group restrictions on nodes with all groups set to optional input via an empty group field.

 
 
CVE-2013-7065

CWE-264
 

 
The Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal allows remote attackers to bypass access restrictions and post to arbitrary groups via a group audience field, as demonstrated by the og_group_ref field.

 


Copyright 2024, cxsecurity.com

 

Back to Top