The Twilio module 7.x-1.x prior to 7.x-1.9 for Drupal does not properly restrict access to the Twilio administration pages, which allows remote authenticated users to read and modify authentication tokens by leveraging the "access administration pages" Drupal permission.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
twilio project twilio 7.x-1.1 |
||
twilio project twilio 7.x-1.2 |
||
twilio project twilio 7.x-1.4 |
||
twilio project twilio 7.x-1.5 |
||
twilio project twilio 7.x-1.8 |
||
twilio project twilio 7.x-1.6 |
||
twilio project twilio 7.x-1.9 |