Description

The OpenID module in Drupal 6.x before 6.36 and 7.x before 7.38 allows remote attackers to log into other users' accounts by leveraging an OpenID identity from certain providers, as demonstrated by the Verisign, LiveJournal, and StackExchange providers.

Remediation

References

CVE-2015-3234

Related Vulnerabilities

Plone CMS Weak Password Requirements Vulnerability (CVE-2020-7940)

WordPress Plugin Chat-Support Board-WordPress Chat Multiple SQL Injection Vulnerabilities (3.3.3)

Elgg Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-6561)

Roundcube Unspesificed Vulnerability (CVE-2018-9846)

MySQL Improper Initialization Vulnerability (CVE-2020-11655)

Severity

Medium

Classification

CVE-2015-3234 CWE-20

Tags

Missing Update Known Vulnerabilities