Drupal Notify Module Multiple Access Bypass Vulnerabilities
BID:69228
Info
Drupal Notify Module Multiple Access Bypass Vulnerabilities
| Bugtraq ID: | 69228 |
| Class: | Access Validation Error |
| CVE: |
CVE-2014-9154 |
| Remote: | Yes |
| Local: | No |
| Published: | Aug 13 2014 12:00AM |
| Updated: | Dec 03 2014 12:57AM |
| Credit: | John Oltman |
| Vulnerable: | |
| Not Vulnerable: | |
Discussion
Drupal Notify Module Multiple Access Bypass Vulnerabilities
The module is prone to multiple access-bypass vulnerabilities because of improper access validation
An attacker can exploit these issues to bypass certain security restrictions and gain access to sensitive information. This may aid in launching other attacks.
Notify 7.x-1.0 is vulnerable; other versions may also be affected.
The module is prone to multiple access-bypass vulnerabilities because of improper access validation
An attacker can exploit these issues to bypass certain security restrictions and gain access to sensitive information. This may aid in launching other attacks.
Notify 7.x-1.0 is vulnerable; other versions may also be affected.
Exploit / POC
Drupal Notify Module Multiple Access Bypass Vulnerabilities
An attacker can exploit this issue using a web browser.
An attacker can exploit this issue using a web browser.
Solution / Fix
Drupal Notify Module Multiple Access Bypass Vulnerabilities
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
Drupal Notify Module Multiple Access Bypass Vulnerabilities
References:
References: