Multiple Drupal Modules Multiple Input Validation Vulnerabilities

Bugtraq ID:	52502
Class:	Unknown
CVE:	CVE-2012-2056 CVE-2012-2057 CVE-2012-2058 CVE-2012-2059 CVE-2012-2060 CVE-2012-2061 CVE-2012-2062
Remote:	Yes
Local:	No
Published:	Mar 14 2012 12:00AM
Updated:	Mar 19 2015 07:35AM
Credit:	Ivo Van Geertruyen and Dylan Tack of the Drupal Security Team. Charlie Gordon, Peter Boden, Sascha Grossenbacher and John T. Haller
Vulnerable:	Drupal Ubercart Payflow Link Module 0 Drupal Ubercart Bulk Stock Updater Module 0 Drupal ticketyboo News Ticker Module 0 Drupal Redirecting click bouncer Module 0 Drupal Content Lock Module 0 Drupal Admin tools Module 0
Not Vulnerable:

Multiple Drupal Modules Multiple Input Validation Vulnerabilities

Multiple Drupal modules are prone to multiple input-validation vulnerabilities.

Exploiting these issues could allow an attacker to bypass security restrictions and perform unauthorized actions, steal cookie-based authentication credentials, compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, or redirect a user to a potentially malicious site; this may aid in phishing attacks.

Multiple Drupal Modules Multiple Input Validation Vulnerabilities

Attackers can exploit these issues using browser.

Multiple Drupal Modules Multiple Input Validation Vulnerabilities

Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Multiple Drupal Modules Multiple Input Validation Vulnerabilities

References:

• Drupal Homepage (Drupal)
  
• SA-CONTRIB-2012-036 - Multiple Modules Unsupported (Drupal)