Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Drupal Improper Input Validation Vulnerability (CVE-2015-3234)

Description

The OpenID module in Drupal 6.x before 6.36 and 7.x before 7.38 allows remote attackers to log into other users' accounts by leveraging an OpenID identity from certain providers, as demonstrated by the Verisign, LiveJournal, and StackExchange providers.

Remediation

References

Related Vulnerabilities

WordPress Plugin AGP Font Awesome Collection Cross-Site Scripting (2.7.2)

PostgreSQL Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-1903)

CubeCart Improper Input Validation Vulnerability (CVE-2013-1465)

Drupal Data Processing Errors Vulnerability (CVE-2016-3171)

Liferay DXP Observable Timing Discrepancy Vulnerability (CVE-2025-43754)

Severity

Medium

Classification

CVE-2015-3234 CWE-20

Tags

Missing Update Known Vulnerabilities