Critical Vulnerability Fixed with the Release of Drupal 7.26 and 6.30

Share it:
Recently a popular Web CMS have "Durpal" have identify a high critical vulnerability in OpenID module, which was effecting Durpal 6.x and 7.x versions. It can be exploited by an attacker to impersonate other users on the website, including administrators, and take over their accounts.

This vulnerability only be exploited when the victim has an account with an associate OpenID identity.

Additionally, there was another vulnerability, which is access bypass issue. This can be leveraged, under certain circumstances, to access content that hasn’t been published, or one that users have no permission to see. This vulnerability is considered moderately critical.

These vulnerabilities is been patched in the latest version of the its CMS, but there is no new features has been added. Users are being requested to update there CMS version, for the security issue.


Share it:

News

Security

Post A Comment:

0 comments:

Follow by Email