Description

Drupal 6.x before 6.23 and 7.x before 7.11 does not verify that Attribute Exchange (AX) information is signed, which allows remote attackers to modify potentially sensitive AX information without detection via a man-in-the-middle (MITM) attack.

Remediation

References

CVE-2012-0825

Related Vulnerabilities

WordPress Plugin WordPress Mega Menu-QuadMenu Remote Code Execution (2.0.6)

MySQL CVE-2025-50087 Vulnerability (CVE-2025-50087)

WordPress Plugin Image Optimizer, Resizer and CDN-Sirv Cross-Site Scripting (6.8.0)

MySQL Out-of-bounds Write Vulnerability (CVE-2009-4484)

WordPress Plugin JiangQie Official Website Mini Program SQL Injection (1.1.0)

Severity

Medium

Classification

CVE-2012-0825 CWE-200

Tags

Missing Update Known Vulnerabilities