Drupal 7.x before 7.3 allows remote attackers to bypass intended node_access
restrictions via vectors related to a listing that shows nodes but lacks a JOIN clause for the node table.
{ "nvd_published_at": "2011-07-27T02:55:00Z", "cwe_ids": [ "CWE-284" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2024-01-19T17:29:45Z" }