Description
Drupal 7.x before 7.3 allows remote attackers to bypass intended node_access restrictions via vectors related to a listing that shows nodes but lacks a JOIN clause for the node table.
Remediation
References
Related Vulnerabilities
Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-4583)
WordPress Plugin WooCommerce Dynamic Pricing & Discounts Multiple Vulnerabilities (2.4.1)
WordPress Plugin WP Product Review Lite Unspecified Vulnerability (3.7.6)
WordPress Plugin Custom Field Suite Cross-Site Request Forgery (2.5.15)
WordPress Plugin Images Slideshow by 2J-Image Slider Security Bypass (1.3.31)