CVE-2005-3974

Drupal 4.5.0 through 4.5.5 and 4.6.0 through 4.6.3, when running on PHP5, does not correctly enforce user privileges, which allows remote attackers to bypass the "access user profiles" permission.

Date published : 2005-12-03

http://www.securityfocus.com/bid/15674

http://www.securityfocus.com/archive/1/418336/100/0/threaded