Description
Several vulnerabilities have been identified in Drupal core:
- cross-site scripting. A remote attacker can exploit it by invoking the "Drupal.ajax()" function on a white-listed HTML element
- CVE-2015-6658 : cross-site scripting. A remote attacker can exploit it via the requested URL of a page that performs autocomplete functionality
- CVE-2015-6659 : SQL injection. A remote attacker with elevated permissions can exploit it by injecting malicious requests in SQL comments
- CVE-2015-6660 : cross-site request forgery. A remote attacker can exploit it via the form API in order to upload a temporary file under another user's account. This vulnerability stems from the fact that form token validation is not performed early enough
- CVE-2015-6661 : information disclosure. A remote attacker without the "access content" permission can see the titles of nodes that they do not have access to, if the nodes are added to a menu on the site that the attacker has access to
Updated, 22/08/2015:
The drupal6 and drupal7 packages provided by FreeBSD are vulnerable.
Updated, 27/08/2015:
The drupal6 packages provided by Debian Squeeze 6 are vulnerable (CVE-2015-6658, CVE-2015-6660).
The drupal7 packages provided by Debian Wheezy 7 and Jessie 8 are vulnerable.
Updated, 28/08/2015:
CVE-2015-6665 has been assigned to the cross-site scripting vulnerability related to the Drupal.ajax() function.
Vulnerable Products
Vulnerable OS:
- Fedora (Red Hat) - 21, 22
- FreeBSD (FreeBSD)
- GNU/Linux (Debian) - 6, 7, 8
Vulnerable Software:
- Drupal (Drupal) - 6.0, 6.1, 6.10, 6.11, 6.12, ..., 7.5, 7.6, 7.7, 7.8, 7.9