Improper Permission Check in Listhandler Module for Drupal Allows Remote Comment Authors to Bypass Access Restrictions

Improper Permission Check in Listhandler Module for Drupal Allows Remote Comment Authors to Bypass Access Restrictions

CVE-2012-4470 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

The Listhandler module 6.x-1.x before 6.x-1.1 for Drupal does not properly check permissions when importing emails, which allows remote comment authors to bypass access restrictions and possibly have other unspecified impact.

Learn more about our Web Application Penetration Testing UK.