Drupal TrailScout Module SQL Injection And HTML Injection Vulnerabilities

The TrailScout module for Drupal is prone to multiple input-validation vulnerabilities, including an SQL-injection issue and an HTML-injection issue.

Attackers can exploit these issues to steal cookie-based authentication credentials from legitimate users of the site, modify the way the site is rendered, access or modify data, or exploit latent vulnerabilities in the underlying database.

Versions prior to TrailScout 5.x-1.4 are affected.


 

Privacy Statement
Copyright 2010, SecurityFocus