2012-12-03 21:00:00
redhat
PUBLISHED
The Feeds module 7.x-2.x before 7.x-2.0-alpha6 for Drupal, when a field is mapped to the nodes author, does not properly check permissions, which allows remote attackers to create arbitrary nodes via a crafted source feed.