CVE-2008-3000

Description

The Aggregation module 5.x before 5.x-4.4 for Drupal, when node access modules are used, does not properly implement access control, which allows remote attackers to bypass intended restrictions.

Affected products

• Drupal / aggregation_module3.0 – 3.0
• Drupal / aggregation_module3.1 – 3.1
• Drupal / aggregation_module3.2 – 3.2
• Drupal / aggregation_module4.0 – 4.0
• Drupal / aggregation_module4.1 – 4.1
• Drupal / aggregation_module4.2 – 4.2
• Drupal / aggregation_module4.3 – 4.3
• Drupal / aggregation_module5 – 5

References

• MISChttp://drupal.org/node/269479
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/43017
• MISChttp://www.securityfocus.com/bid/29677
• VENDOR_ADVISORYhttp://secunia.com/advisories/30618