VYPR

Node access user reference

by Drupal

CVEs (2)

  • CVE-2013-2123Aug 28, 2013
    risk 0.00cvss epss 0.01

    The Node access user reference module 6.x-3.x before 6.x-3.5 and 7.x-3.x before 7.x-3.10 for Drupal does not properly restrict access to content containing a user reference field when the author update/delete grants are enabled and the author's user account is deleted, which…

  • CVE-2009-1507May 1, 2009
    risk 0.00cvss epss 0.01

    The Node Access User Reference module 5.x before 5.x-2.0-beta4 and 6.x before 6.x-2.0-beta6, a module for Drupal, interprets an empty CCK user reference as a reference to the anonymous user, which might allow remote attackers to bypass intended access restrictions to read or…