WEB APPLICATION VULNERABILITIES Standard & Premium

Drupal Improper Authentication Vulnerability (CVE-2010-3091)

Description

The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not verifying the openid.return_to value, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider.

Remediation

References

Related Vulnerabilities

WordPress 4.2.x Multiple Vulnerabilities (4.2 - 4.2.8)

WordPress Plugin CevherShare 'cevhershare-admin.php' SQL Injection (2.0)

WordPress 4.5.x Multiple Vulnerabilities (4.5 - 4.5.19)

Oracle JRE CVE-2023-21937 Vulnerability (CVE-2023-21937)

phpMyFAQ Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-2428)

Severity

Medium

Classification

CVE-2010-3091 CWE-287

Tags

Missing Update Known Vulnerabilities