CVE-2013-4228
- EPSS 0.23%
- Veröffentlicht 18.02.2020 19:15:11
- Zuletzt bearbeitet 21.11.2024 01:55:10
The OG access fields (visibility fields) implementation in Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal does not properly restrict access to private groups, which allows remote authenticated users to guess node IDs, subscribe to, and ...
CVE-2013-7065
- EPSS 0.23%
- Veröffentlicht 29.04.2014 14:38:43
- Zuletzt bearbeitet 12.04.2025 10:46:40
The Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal allows remote attackers to bypass access restrictions and post to arbitrary groups via a group audience field, as demonstrated by the og_group_ref field.
CVE-2013-7068
- EPSS 0.19%
- Veröffentlicht 29.04.2014 14:38:43
- Zuletzt bearbeitet 12.04.2025 10:46:40
The Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users to bypass group restrictions on nodes with all groups set to optional input via an empty group field.
CVE-2012-5539
- EPSS 0.19%
- Veröffentlicht 03.12.2012 21:55:02
- Zuletzt bearbeitet 11.04.2025 00:51:21
The Organic Groups (OG) module 7.x-1.x before 7.x-1.5 for Drupal does not properly maintain pending group memberships, which allows remote authenticated users to post to arbitrary groups by modifying their own account while a pending membership is wa...
CVE-2008-3094
- EPSS 0.55%
- Veröffentlicht 09.07.2008 19:33:00
- Zuletzt bearbeitet 09.04.2025 00:30:58
The Organic Groups (OG) module 5.x before 5.x-7.3 and 6.x before 6.x-1.0-RC1, a module for Drupal, allows remote attackers to obtain sensitive information (private group names) via unspecified vectors.