Drupal Spider Contacts Module Multiple SQL Injection and Cross Site Request Forgery Vulnerabilities

The Spider Contacts module for Drupal is prone to multiple cross-site request forgery (CSRF) and SQL injection vulnerabilities.

Attackers may exploit these issues to compromise the application, access or modify data, exploit vulnerabilities in the underlying database, or perform unauthorized actions by enticing a logged-in user to visit a malicious site. This may lead to other vulnerabilities.

Spider Contacts 6.x and 7.x are vulnerable; other versions may also be affected.


 

Copyright 2010, SecurityFocus