CVE-2012-5539

The Organic Groups (OG) module 7.x-1.x before 7.x-1.5 for Drupal does not properly maintain pending group memberships, which allows remote authenticated users to post to arbitrary groups by modifying their own account while a pending membership is waiting to be approved.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:organic_groups_project:organic_groups:7.x-1.1:rc3:*:*:*:*:*:*
cpe:2.3:a:organic_groups_project:organic_groups:7.x-1.1:rc2:*:*:*:*:*:*
cpe:2.3:a:organic_groups_project:organic_groups:7.x-1.1:rc1:*:*:*:*:*:*
cpe:2.3:a:organic_groups_project:organic_groups:7.x-1.0:*:*:*:*:*:*:*
cpe:2.3:a:organic_groups_project:organic_groups:7.x-1.0:alpha1:*:*:*:*:*:*
cpe:2.3:a:organic_groups_project:organic_groups:7.x-1.3:*:*:*:*:*:*:*
cpe:2.3:a:organic_groups_project:organic_groups:7.x-1.1:*:*:*:*:*:*:*
cpe:2.3:a:organic_groups_project:organic_groups:7.x-1.x:dev:*:*:*:*:*:*
cpe:2.3:a:organic_groups_project:organic_groups:7.x-1.4:*:*:*:*:*:*:*
cpe:2.3:a:organic_groups_project:organic_groups:7.x-1.2:*:*:*:*:*:*:*
cpe:2.3:a:organic_groups_project:organic_groups:7.x-1.1:rc4:*:*:*:*:*:*
cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*

Information

Published : 2012-12-03 13:55

Updated : 2020-05-06 05:48


NVD link : CVE-2012-5539

Mitre link : CVE-2012-5539


JSON object : View

CWE
CWE-264

Permissions, Privileges, and Access Controls

Advertisement

dedicated server usa

Products Affected

organic_groups_project

  • organic_groups

drupal

  • drupal