Profile - Moderately critical - Access Bypass - SA-CONTRIB-2020-004
Project: Profile Date: 2020-February-19 Security risk: Moderately critical 14∕25 Vulnerability: Access Bypass
The Profile module enables you to allow users to have configurable user profiles.
The module doesn't sufficiently check access when creating a user profile. Users with the "create profiles" permission could create profiles for any users.
Install the latest version: