Description
The OpenID module in Drupal 7.x before 7.16 allows remote OpenID servers to read arbitrary files via a crafted DOCTYPE declaration in an XRDS file.
Remediation
References
Related Vulnerabilities
Dolibarr Improper Input Validation Vulnerability (CVE-2013-2093)
WordPress Plugin WP Prayer Multiple Cross-Site Request Forgery Vulnerabilities (1.6.5)
Drupal Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-1476)
PHP Integer Overflow or Wraparound Vulnerability (CVE-2022-37454)
WordPress Plugin Yandex Money button Cross-Site Scripting (2.3.3)