CVE-2010-2473

Summary

Drupal 6.x before 6.16 and 5.x before version 5.22 does not properly block users under certain circumstances. A user with an open session that was blocked could maintain their session on the Drupal site despite being blocked.

Affected Software

VendorProductVersion RangeStatus
drupal6drupal66.x before version 6.16affected
drupal6drupal65.x before version 5.22affected

Weaknesses

  • user session regeneration

ADP Enrichment

CVE Program Container

Additional References

References