• Advisory ID: DRUPAL-SA-2007-014
  • Project: Print (third-party module)
  • Version: 5.x and 4.7.x
  • Date: 2007-July-09
  • Security risk: Less critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass

Description

Print is a module that allows site administrators to produce a "print friendly" version of a posting. By manipulating URL arguments, authenticated and anonymous users are able to access posts that should have been restricted by a node access module such as Organic Groups, Taxonomy Access Control, Taxonomy Access Lite, etc.

Versions affected

  • Print for Drupal 5.x before 5.x-1.2
  • Print for Drupal 4.7.x before 4.7-1.0

Drupal core is not affected. If you do not use the contributed Print module, there is nothing you need to do.

Solution

Install the latest version:

See also the Print project page.

Reported by

Tim Harman

Contact

The security contact for Drupal can be reached at security at drupal.org or via the form at http://drupal.org/contact.