Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.Project:
Date:
2020-April-08
Vulnerability:
Access bypass
Description:
The Spamicide module protects Drupal forms with a form field that is hidden from normal users, but visible to spam bots.
The module doesn't require appropriate permissions for administrative pages leading to an Access Bypass.
Solution:
Install the latest version:
- If you use the spamicide module for Drupal 7.x, upgrade to spamicide 7.x-1.3
Also see the Spamicide project page.
Reported By:
Fixed By:
Coordinated By:
- Greg Knaddison of the Drupal Security Team
