Drupal Views Module Access Bypass and Open Redirection Vulnerabilities

The Views module for Drupal is prone to an access-bypass vulnerability and a open-redirection vulnerability

An attacker can leverage these issues to bypass certain security restrictions and gain unauthorized access and by constructing a crafted URI and enticing a user to follow it. When an unsuspecting victim follows the link, they may be redirected to an attacker-controlled site; this may aid in phishing attacks. Other attacks are possible.


Privacy Statement
Copyright 2010, SecurityFocus