CVE-2013-7067 Information

Description

The OG Features module 6.x-1.x before 6.x-1.4 for Drupal does not properly override pages that have an access callback set to false which allows remote attackers to bypass intended access restrictions via a request.

Reference

http://osvdb.org/100611 http://www.securityfocus.com/bid/64134 https://drupal.org/node/2149743 https://drupal.org/node/2149791 https://exchange.xforce.ibmcloud.com/vulnerabilities/89458