Description
Drupal 6.x before 6.23 and 7.x before 7.11 does not verify that Attribute Exchange (AX) information is signed, which allows remote attackers to modify potentially sensitive AX information without detection via a man-in-the-middle (MITM) attack.
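The check that the description says is missing, sketched as an added example (not Drupal's code): every Attribute Exchange field in an OpenID response must be listed in `openid.signed`, otherwise a man-in-the-middle can alter it without invalidating the signature. The function name `unsigned_ax_fields` and the sample responses are constructed for illustration.

```python
from urllib.parse import parse_qsl, urlencode

AX_NS = "http://openid.net/srv/ax/1.0"  # OpenID Attribute Exchange 1.0 namespace


def unsigned_ax_fields(query: str) -> list[str]:
    """Return AX keys in an OpenID response that openid.signed does not cover.

    This checks signature coverage only; the relying party must still verify
    openid.sig itself over the fields named in openid.signed.
    """
    params = dict(parse_qsl(query, keep_blank_values=True))
    # openid.signed lists field names without the "openid." prefix
    signed = {f for f in params.get("openid.signed", "").split(",") if f}
    # The AX alias is chosen by the provider, so look it up by namespace URI
    aliases = [k[len("openid.ns."):] for k, v in params.items()
               if k.startswith("openid.ns.") and v == AX_NS]
    missing = []
    for alias in aliases:
        prefix = f"openid.{alias}."
        wanted = [f"openid.ns.{alias}"] + [k for k in params if k.startswith(prefix)]
        missing += [k for k in wanted if k[len("openid."):] not in signed]
    return sorted(missing)


# Constructed sample responses (not captured traffic)
BASE = {
    "openid.ns": "http://specs.openid.net/auth/2.0",
    "openid.mode": "id_res",
    "openid.ns.ax": AX_NS,
    "openid.ax.mode": "fetch_response",
    "openid.ax.type.email": "http://axschema.org/contact/email",
    "openid.ax.value.email": "alice@example.org",
    "openid.sig": "CONSTRUCTED",
}
FULLY_SIGNED = urlencode(
    {**BASE, "openid.signed": "mode,ns.ax,ax.mode,ax.type.email,ax.value.email"})
VALUE_UNSIGNED = urlencode(
    {**BASE, "openid.signed": "mode,ns.ax,ax.mode,ax.type.email"})

if __name__ == "__main__":
    for name, resp in (("fully signed", FULLY_SIGNED), ("value unsigned", VALUE_UNSIGNED)):
        gaps = unsigned_ax_fields(resp)
        print(name, "->", "accept AX data" if not gaps else f"reject, unsigned: {gaps}")
```

A relying party should discard the AX attributes whenever the returned list is non-empty.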
Remediation
References