Categories

Applications (222)
Blogs (7)
Content Management (148)
Customer Relationship (2)
Discussion Boards (29)
E-Commerce (14)
General Purpose Directories (2)
Image Galleries (18)
Mailing Lists (1)
Tips (3)
Vulnerabilities (337)
Access Bypass (50)
Cross Site Scripting (123)
Denial Of Service (2)
File Inclusion (51)
Information Disclosure (15)
Privilege Escalation (2)
Remote Command Execution (16)
Session Hijacking (2)
SQL Injection (130)
« WordPress “demo” XSS
Drupal: Private Issue Exposure »

Drupal: Profile Security Bypass

Published by CS Lee March 9th, 2007 in Access Bypass and Content Management.

Application: Drupal Nodefamily Module
Version: 5.x-1.0 but not 4.7 branch
Vendor’s URL: http://drupal.org/
Bug Type: Access Bypassing
Risk: Medium

Description: This vulnerability only affects to drupal installation with Nodefamily module.

Solution:
- Update Nodefamily module to latest version that you can find here:
- http://drupal.org/node/123126

Subscribe

Latest

Archives



Valid XHTML 1.0 Transitional