VYPR
← All advisories
Unrated severityNVD Advisory· Published Aug 18, 2015· Updated May 6, 2026

CVE-2015-5515

CVE-2015-5515

Description

The Views Bulk Operations (VBO) module 6.x-1.x and 7.x-3.x before 7.x-3.3 for Drupal, when the bulk operation for changing Roles is enabled, allows remote authenticated users to edit user accounts and add arbitrary roles to the accounts by leveraging access to a user account listing view with VBO enabled.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

14
  • Views Bulk Operations Project/Views Bulk Operations13 versions
    cpe:2.3:a:views_bulk_operations_project:views_bulk_operations:6.x-1.17:*:*:*:*:drupal:*:*+ 12 more
    • cpe:2.3:a:views_bulk_operations_project:views_bulk_operations:6.x-1.17:*:*:*:*:drupal:*:*
    • cpe:2.3:a:views_bulk_operations_project:views_bulk_operations:6.x-1.x:dev:*:*:*:drupal:*:*
    • cpe:2.3:a:views_bulk_operations_project:views_bulk_operations:7.x-3.0:alpha1:*:*:*:drupal:*:*
    • cpe:2.3:a:views_bulk_operations_project:views_bulk_operations:7.x-3.0:alpha2:*:*:*:drupal:*:*
    • cpe:2.3:a:views_bulk_operations_project:views_bulk_operations:7.x-3.0:alpha3:*:*:*:drupal:*:*
    • cpe:2.3:a:views_bulk_operations_project:views_bulk_operations:7.x-3.0:beta1:*:*:*:drupal:*:*
    • cpe:2.3:a:views_bulk_operations_project:views_bulk_operations:7.x-3.0:beta2:*:*:*:drupal:*:*
    • cpe:2.3:a:views_bulk_operations_project:views_bulk_operations:7.x-3.0:beta3:*:*:*:drupal:*:*
    • cpe:2.3:a:views_bulk_operations_project:views_bulk_operations:7.x-3.0:*:*:*:*:drupal:*:*
    • cpe:2.3:a:views_bulk_operations_project:views_bulk_operations:7.x-3.0:rc1:*:*:*:drupal:*:*
    • cpe:2.3:a:views_bulk_operations_project:views_bulk_operations:7.x-3.1:*:*:*:*:drupal:*:*
    • cpe:2.3:a:views_bulk_operations_project:views_bulk_operations:7.x-3.2:*:*:*:*:drupal:*:*
    • cpe:2.3:a:views_bulk_operations_project:views_bulk_operations:7.x-3.x:dev:*:*:*:drupal:*:*
  • Drupal/Views Bulk Operationsllm-fuzzy
    Range: 6.x-1.x, 7.x-3.x before 7.x-3.3

Patches

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

4

News mentions

0

No linked articles in our index yet.