Drupal Third-Party Modules Multiple Vulnerabilities


Description   Several vulnerabilities have been identified in Drupal third-party modules:
- Storage API: unauthorized access to Storage API fields, attached to entities that are not nodes
- Chamilo integration: open redirect due to insufficient check on URL parameters.
     
Vulnerable Products   Vulnerable Software:
Drupal (Drupal) - 7.0, 7.1, 7.10, 7.11, 7.12, ..., 7.5, 7.6, 7.7, 7.8, 7.9
     
Solution   Versions of the following modules fix the vulnerabilities impacting them:- Storage API: 7.x-1.8- Chamilo integration: 7.x-1.2.
     
CVE  
     
References   - SA-CONTRIB-2015-114: Storage API
Moderately Critical
Access Bypass
https://www.drupal.org/node/2495903
SA-CONTRIB-2015-115: Chamilo integration
Less Critical
Open Redirect
https://www.drupal.org/node/2495931
     
Vulnerability Manager Detection   No
     
IPS Protection  
ASQ Engine alarm Available Since
Site with open redirect
4.0.0
     


 
 
 
 
 Risk level 
Moderate 

 Vulnerability First Public Report Date 
2015-05-27 

 Target Type 
Server 

 Possible exploit 
Remote