WEB APPLICATION VULNERABILITIES Standard & Premium

Drupal Improper Input Validation Vulnerability (CVE-2015-3234)

Description

The OpenID module in Drupal 6.x before 6.36 and 7.x before 7.38 allows remote attackers to log into other users' accounts by leveraging an OpenID identity from certain providers, as demonstrated by the Verisign, LiveJournal, and StackExchange providers.

Remediation

References

Related Vulnerabilities

Rukovoditel Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-11815)

Piwigo Exposure of Resource to Wrong Sphere Vulnerability (CVE-2022-26267)

WordPress Plugin YITH WooCommerce Questions and Answers Security Bypass (1.1.9)

XWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-35153)

Atlassian Jira Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-20415)

Severity

Medium

Classification

CVE-2015-3234 CWE-20

Tags

Missing Update Known Vulnerabilities