Main Vulnerability Database SB2017052909

SB2017052909 - Access bypass in Custom Landing Page Builder module for Drupal

Published: May 29, 2017 Updated: May 29, 2017

Security Bulletin ID SB2017052909

Severity

Low

Patch available

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Improper access control (CVE-ID: N/A)

The vulnerability allows a remote attacker to gain access to layout of the page.

The weakness exists due to improper access control. A remote attacker can use a WYSIWYG editor to build custom landing pages and edit the header, navigation, page content, footer, forms on the webpage.

Successful exploitation of the vulnerability may result in full control over the full layout of the page.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References

https://www.drupal.org/node/2881156