CVE-2012-4487

Name of the Vulnerable Software and Affected Versions Subuser module versions prior to 6.x-1.8 for Drupal

Description The issue concerns the Subuser module for Drupal, where it fails to properly check switch subuser permissions. This allows remote authenticated parent users to change their role by switching to a subuser they created.

Recommendations For versions prior to 6.x-1.8, update to version 6.x-1.8 or later to resolve the issue.