Drupal Multiple Remote Vulnerabilities
Drupal is prone to multiple vulnerabilities including HTML-injection, cross-site scripting, cross-site request-forgery, session-fixation, and SQL-injection issues.
Attackers can exploit these issues to:
- control how the site is rendered to users
- execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site
- steal cookie-based authentication credentials
- hijack a user's session and gain unauthorized access to the affected application.
- carry out unauthorized actions on the underlying database
- compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
These issues affect Drupal 5.x before 5.8 and Drupal 6.x before 6.3.