Open redirect in Drupal - CVE-2015-7943
Published: September 14, 2016 / Updated: September 14, 2016
Vulnerability identifier: #VU427
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2015-7943
CWE-ID: CWE-601
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Drupal
Affected software:
Drupal
Drupal
Detailed vulnerability description
The vulnerability allows attackers to obtain potentially sensitive information.
The weakness exists due to unproper functionality of Overlay module that unsufficiently checks the URLs. The module also shows administrative page in the browser instead of its substitution.
Successful exploitation of this vulnerability may result in obtaining potentially sensitive data.
The weakness exists due to unproper functionality of Overlay module that unsufficiently checks the URLs. The module also shows administrative page in the browser instead of its substitution.
Successful exploitation of this vulnerability may result in obtaining potentially sensitive data.