Drupal Multiple Remote Vulnerabilities

Drupal is prone to multiple vulnerabilities including HTML-injection, cross-site scripting, cross-site request-forgery, session-fixation, and SQL-injection issues.

Attackers can exploit these issues to:

- control how the site is rendered to users
- execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site
- steal cookie-based authentication credentials
- hijack a user's session and gain unauthorized access to the affected application.
- carry out unauthorized actions on the underlying database
- compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

These issues affect Drupal 5.x before 5.8 and Drupal 6.x before 6.3.


Privacy Statement
Copyright 2010, SecurityFocus