Arbitrary Node Creation Vulnerability in Feeds Module for Drupal
CVE-2012-5543 · MEDIUM Severity
AV:N/AC:M/AU:N/C:N/I:P/A:N
The Feeds module 7.x-2.x before 7.x-2.0-alpha6 for Drupal, when a field is mapped to the node's author, does not properly check permissions, which allows remote attackers to create arbitrary nodes via a crafted source feed.
Learn more about our Web Application Penetration Testing UK.