The OG Features module 6.x-1.x before 6.x-1.4 for Drupal does not properly override pages that have an access callback set to false, which allows remote attackers to bypass intended access restrictions via a request.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| mike_stefanello | og_features | 6.x-1.2 |
| mike_stefanello | og_features | 6.x-1.0 |
| mike_stefanello | og_features | 6.x-1.3 |
| mike_stefanello | og_features | 6.x-1.x |
| mike_stefanello | og_features | 6.x-1.1 |