Open redirect vulnerability in the Overlay module in Drupal 7.x prior to 7.38 allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
drupal drupal 7.0 |
||
drupal drupal 7.16 |
||
drupal drupal 7.21 |
||
drupal drupal 7.18 |
||
drupal drupal 7.15 |
||
drupal drupal 7.3 |
||
drupal drupal 7.17 |
||
drupal drupal 7.8 |
||
drupal drupal 7.13 |
||
drupal drupal 7.35 |
||
drupal drupal 7.20 |
||
drupal drupal 7.5 |
||
drupal drupal 7.10 |
||
drupal drupal 7.30 |
||
drupal drupal 7.27 |
||
drupal drupal 7.6 |
||
drupal drupal 7.12 |
||
drupal drupal 7.34 |
||
drupal drupal 7.9 |
||
drupal drupal 7.4 |
||
drupal drupal 7.28 |
||
drupal drupal 7.22 |
||
drupal drupal 7.11 |
||
drupal drupal 7.33 |
||
drupal drupal 7.19 |
||
drupal drupal 7.25 |
||
drupal drupal 7.24 |
||
drupal drupal 7.14 |
||
drupal drupal 7.23 |
||
drupal drupal 7.26 |
||
drupal drupal 7.29 |
||
drupal drupal 7.1 |
||
drupal drupal 7.7 |
||
drupal drupal 7.2 |
||
drupal drupal 7.37 |
||
drupal drupal 7.36 |
Verisign, LiveJournal and StackExchange members are your unknown admins
Drupal has shuttered a flaw in its implementation of OpenID that allows attackers to log in as web site administrators. The flaw (CVE-2015-3234) is the most critical of four and affects versions six and seven of the content management system. Drupal's security team say attackers can target unpatched systems if they hold an OpenID account. "A vulnerability was found in the OpenID module that allows a malicious user to log in as other users on the site, including administrators, and hijack their a...