Arbitrary Node Creation Vulnerability in Feeds Module for Drupal

Arbitrary Node Creation Vulnerability in Feeds Module for Drupal

CVE-2012-5543 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

The Feeds module 7.x-2.x before 7.x-2.0-alpha6 for Drupal, when a field is mapped to the node's author, does not properly check permissions, which allows remote attackers to create arbitrary nodes via a crafted source feed.

Learn more about our Web Application Penetration Testing UK.