Open redirect in Drupal - CVE-2013-6389
Published: September 15, 2016
Vulnerability identifier: #VU457
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2013-6389
CWE-ID: CWE-601
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Drupal
Affected software:
Drupal
Detailed vulnerability description
The weakness allows a remote attacker to obtain a valid user's credentials.
The vulnerability exists due to insufficient validation of URLs before their content is displayed. The Overlay module displays administrative pages over the current page instead of replacing the page in the browser window, and this exposes an open redirect weakness.
Successful exploitation of the vulnerability may result in gaining access to the target user's data.