[原文]Unknown vulnerability in the privilege system in Drupal 4.4.0 through 4.6.0, when public registration is enabled, allows remote attackers to gain privileges, due to an "input check" that "is not implemented properly."
Drupal Privilege Unspecified User Role Privilege Escalation
Remote / Network Access
Loss of Integrity
Drupal contains a flaw that may allow a malicious user to bypass security restrictions. The issue is due to an unspecified input validation error in the privilege system. It is possible that the flaw may allow an attacker to gain administrative privileges resulting in a loss of integrity.
Upgrade to version 4.4.3, 4.5.3, 4.6.1, or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.