Drupal EveryBlog Module Multiple Unspecified Vulnerabilities

The EveryBlog module for Drupal is prone to multiple vulnerabilities because it fails to sufficiently sanitize user-supplied input data.

Exploiting these vulnerabilities may allow attackers to:

- Execute HTML and script code in the context of the affected site, steal cookie-based authentication credentials, or control how the site is rendered to the user.

- Manipulate the SQL query logic to carry out unauthorized actions on the underlying database.

- Gain access to sensitive areas of the application without the appropriate privileges.

Versions up to and including EveryBlog 2.0 are vulnerable.

Copyright 2010, SecurityFocus