• Advisory ID: DRUPAL-SA-CONTRIB-2009-071
  • Project: OG Vocabulary (third party module)
  • Version: 6.x
  • Date: 2009-October-14
  • Security risk: Critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass


The Organic Groups Vocabulary module enables an organic group to have a group specific vocabulary. A vulnerability in this module allows any group member, even if they are not a group admin, to view, edit, and create vocabularies and terms for all groups.

Versions affected

  • Organic Groups Vocabulary module versions 6.x prior to 6.x-1.0

Drupal core is not affected. If you do not use the contributed Organic Groups Vocabulary module, there is nothing you need to do.


Install the latest version.

Reported by

FGM and Ki

Fixed by

mrag_28 and Amitaibu, the module maintainer.


The security team for Drupal can be reached at security at drupal.org or via the form at http://drupal.org/contact.