Vulnerabilities > Organic Groups Project > Organic Groups > 7.x.2.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-02-18 | CVE-2013-4228 | Incorrect Authorization vulnerability in Organic Groups Project Organic Groups 7.X2.0/7.X2.1/7.X2.2 The OG access fields (visibility fields) implementation in Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal does not properly restrict access to private groups, which allows remote authenticated users to guess node IDs, subscribe to, and read the content of arbitrary private groups via unspecified vectors. | 4.0 |
2014-04-29 | CVE-2013-7068 | Permissions, Privileges, and Access Controls vulnerability in Organic Groups Project Organic Groups The Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users to bypass group restrictions on nodes with all groups set to optional input via an empty group field. | 4.9 |
2014-04-29 | CVE-2013-7065 | Permissions, Privileges, and Access Controls vulnerability in Organic Groups Project Organic Groups The Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal allows remote attackers to bypass access restrictions and post to arbitrary groups via a group audience field, as demonstrated by the og_group_ref field. | 5.8 |