Drupal Subuser Module Cross Site Request Forgery and Access Security Bypass Vulnerabilities

Subuser Module for Drupal is prone to a cross-site request-forgery vulnerability and a security-bypass vulnerability.

Exploiting these issues may allow an attacker to perform certain administrative actions, bypass certain security restrictions, gain unauthorized access to the affected application, or delete certain data; Other attacks are also possible.

Subuser 6.x-1.x versions prior to 6.x-1.8 are vulnerable.


 

Privacy Statement
Copyright 2010, SecurityFocus