Drupal Forward Module Cross Site Request Forgery and Access Security Bypass Vulnerabilities
Forward Module for Drupal is prone to a cross-site request-forgery vulnerability and multiple security-bypass vulnerabilities.
Exploiting the security-bypass issues may allow a remote attacker to gain unauthorized access to the protected areas of the application. Other attacks are also possible.
An attacker can exploit the cross-site request forgery issue to perform unauthorized actions in the context of a user's session. This may aid in other attacks.
The following versions are vulnerable:
Forward 6.x-1.x versions prior to 6.x-1.21
Forward 7.x-1.x versions prior to 7.x-1.3