#VU427 Open redirect in Drupal - CVE-2015-7943
Published: September 14, 2016 / Updated: September 14, 2016
Vulnerability identifier: #VU427
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2015-7943
CWE-ID: CWE-601
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Drupal
Drupal
Software vendor:
Drupal
Drupal
Description
The vulnerability allows attackers to obtain potentially sensitive information.
The weakness exists due to unproper functionality of Overlay module that unsufficiently checks the URLs. The module also shows administrative page in the browser instead of its substitution.
Successful exploitation of this vulnerability may result in obtaining potentially sensitive data.
The weakness exists due to unproper functionality of Overlay module that unsufficiently checks the URLs. The module also shows administrative page in the browser instead of its substitution.
Successful exploitation of this vulnerability may result in obtaining potentially sensitive data.