Total vulnerabilities in the database
The Organic Groups (OG) module 7.x-1.x before 7.x-1.5 for Drupal does not properly maintain pending group memberships, which allows remote authenticated users to post to arbitrary groups by modifying their own account while a pending membership is waiting to be approved.
| Software | From | Fixed in |
|---|---|---|
| organic_groups_project / organic_groups | 7.x-1.0-alpha1 | 7.x-1.0-alpha1.x |
| organic_groups_project / organic_groups | 7.x-1.0 | 7.x-1.0.x |
| organic_groups_project / organic_groups | 7.x-1.1-rc1 | 7.x-1.1-rc1.x |
| organic_groups_project / organic_groups | 7.x-1.1-rc2 | 7.x-1.1-rc2.x |
| organic_groups_project / organic_groups | 7.x-1.1-rc3 | 7.x-1.1-rc3.x |
| organic_groups_project / organic_groups | 7.x-1.1-rc4 | 7.x-1.1-rc4.x |
| organic_groups_project / organic_groups | 7.x-1.1 | 7.x-1.1.x |
| organic_groups_project / organic_groups | 7.x-1.2 | 7.x-1.2.x |
| organic_groups_project / organic_groups | 7.x-1.3 | 7.x-1.3.x |
| organic_groups_project / organic_groups | 7.x-1.4 | 7.x-1.4.x |
| organic_groups_project / organic_groups | 7.x-1.x-dev | 7.x-1.x-dev.x |