Drupal Forward Module Cross Site Request Forgery and Access Security Bypass Vulnerabilities

Forward Module for Drupal is prone to a cross-site request-forgery vulnerability and multiple security-bypass vulnerabilities.

Exploiting the security-bypass issues may allow a remote attacker to gain unauthorized access to the protected areas of the application. Other attacks are also possible.

An attacker can exploit the cross-site request forgery issue to perform unauthorized actions in the context of a user's session. This may aid in other attacks.

The following versions are vulnerable:

Forward 6.x-1.x versions prior to 6.x-1.21
Forward 7.x-1.x versions prior to 7.x-1.3


Privacy Statement
Copyright 2010, SecurityFocus