Drupal Slidebox Module Security Bypass Vulnerability
BID:52500
Info
| Bugtraq ID: | 52500 |
| Class: | Access Validation Error |
| CVE: | CVE-2012-2063 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 14 2012 12:00AM |
| Updated: | Mar 19 2015 07:35AM |
| Credit: | Joshua Brauer of the Drupal Security Team |
| Vulnerable: | Drupal Slidebox 7.x-2.x-dev, Drupal Slidebox 7.x-1.3, Drupal Slidebox 7.x-1.2, Drupal Slidebox 7.x-1.1, Drupal Slidebox 7.x-1.0 |
| Not Vulnerable: | Drupal Slidebox 7.x-1.4 |
Discussion
The Slidebox module for Drupal is prone to a security-bypass vulnerability that may allow attackers to perform actions without proper authorization.
Attackers can exploit this issue to bypass security restrictions to obtain sensitive information or perform unauthorized actions; this may aid in launching further attacks.
The following versions are vulnerable:
Slidebox versions 7.x-1.x through 7.x-1.3
Slidebox 7.x-2.x-dev
Exploit / POC
Attackers can exploit this issue through a browser.
Solution / Fix
Solution:
Updates are available. Please see the references for more details.
References
References:
- Drupal Homepage (Drupal)
- Slidebox Module Homepage (Drupal)
- SA-CONTRIB-2012-037 - Slidebox - access bypass (Drupal)