Drupal Core Access Bypass and Open Redirection Vulnerabilities

Drupal is prone to an access-bypass vulnerability and an open-redirection vulnerability.

An attacker can leverage these issues to bypass certain security restrictions and gain unauthorized access and by constructing a crafted URI and enticing a user to follow it. When an unsuspecting victim follows the link, they may be redirected to an attacker-controlled site; this may aid in phishing attacks. Other attacks are possible.

The following versions are vulnerable:

Drupal core 6.x versions prior to 6.35
Drupal core 7.x versions prior to 7.35


 

Privacy Statement
Copyright 2010, SecurityFocus