Bypassing Group Restrictions in Organic Groups Module for Drupal

Bypassing Group Restrictions in Organic Groups Module for Drupal

CVE-2013-7068 · MEDIUM Severity

AV:N/AC:M/AU:S/C:P/I:P/A:N

The Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users to bypass group restrictions on nodes with all groups set to optional input via an empty group field.

Learn more about our User Device Pen Test.