Improper Permission Check in Listhandler Module for Drupal Allows Remote Comment Authors to Bypass Access Restrictions
CVE-2012-4470 · HIGH Severity
AV:N/AC:L/AU:N/C:P/I:P/A:P
The Listhandler module 6.x-1.x before 6.x-1.1 for Drupal does not properly check permissions when importing emails, which allows remote comment authors to bypass access restrictions and possibly have other unspecified impact.
Learn more about our Web Application Penetration Testing UK.