Drupal OG Vocabulary Module Security Bypass Vulnerability
BID:52042
Info
Drupal OG Vocabulary Module Security Bypass Vulnerability
| Bugtraq ID: | 52042 |
| Class: | Access Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 15 2012 12:00AM |
| Updated: | Feb 15 2012 12:00AM |
| Credit: | Chris Czeyka |
| Vulnerable: |
Drupal OG Vocabulary 6.X-1.1 |
| Not Vulnerable: |
Drupal OG Vocabulary 6.X-1.2 |
Discussion
Drupal OG Vocabulary Module Security Bypass Vulnerability
The OG Vocabulary module for Drupal is prone to a security-bypass vulnerability that may allow attackers to perform actions without proper authorization.
Attackers can exploit this issue to bypass security restrictions to obtain sensitive information or perform unauthorized actions; this may aid in launching further attacks.
OG Vocabulary versions 6.x-1.x through 6.x-1.2 are vulnerable.
The OG Vocabulary module for Drupal is prone to a security-bypass vulnerability that may allow attackers to perform actions without proper authorization.
Attackers can exploit this issue to bypass security restrictions to obtain sensitive information or perform unauthorized actions; this may aid in launching further attacks.
OG Vocabulary versions 6.x-1.x through 6.x-1.2 are vulnerable.
Exploit / POC
Drupal OG Vocabulary Module Security Bypass Vulnerability
Attackers can exploit this issue through a browser.
Attackers can exploit this issue through a browser.
Solution / Fix
Drupal OG Vocabulary Module Security Bypass Vulnerability
Solution:
Updates are available. Please see the references for more details.
Solution:
Updates are available. Please see the references for more details.
References
Drupal OG Vocabulary Module Security Bypass Vulnerability
References:
References: