Open redirect vulnerability in the Field UI module in Drupal 7.x prior to 7.38 allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destinations parameter.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
drupal drupal 7.0 |
||
drupal drupal 7.10 |
||
drupal drupal 7.11 |
||
drupal drupal 7.18 |
||
drupal drupal 7.19 |
||
drupal drupal 7.26 |
||
drupal drupal 7.27 |
||
drupal drupal 7.35 |
||
drupal drupal 7.36 |
||
drupal drupal 7.9 |
||
drupal drupal 7.14 |
||
drupal drupal 7.15 |
||
drupal drupal 7.21 |
||
drupal drupal 7.22 |
||
drupal drupal 7.23 |
||
drupal drupal 7.3 |
||
drupal drupal 7.30 |
||
drupal drupal 7.5 |
||
drupal drupal 7.6 |
||
drupal drupal 7.1 |
||
drupal drupal 7.16 |
||
drupal drupal 7.17 |
||
drupal drupal 7.24 |
||
drupal drupal 7.25 |
||
drupal drupal 7.33 |
||
drupal drupal 7.34 |
||
drupal drupal 7.7 |
||
drupal drupal 7.8 |
||
drupal drupal 7.12 |
||
drupal drupal 7.13 |
||
drupal drupal 7.2 |
||
drupal drupal 7.20 |
||
drupal drupal 7.28 |
||
drupal drupal 7.29 |
||
drupal drupal 7.37 |
||
drupal drupal 7.4 |
||
debian debian linux 7.0 |
||
debian debian linux 8.0 |
Verisign, LiveJournal and StackExchange members are your unknown admins
Drupal has shuttered a flaw in its implementation of OpenID that allows attackers to log in as web site administrators. The flaw (CVE-2015-3234) is the most critical of four and affects versions six and seven of the content management system. Drupal's security team say attackers can target unpatched systems if they hold an OpenID account. "A vulnerability was found in the OpenID module that allows a malicious user to log in as other users on the site, including administrators, and hijack their a...