Description
The OpenID module in Drupal 6.x before 6.36 and 7.x before 7.38 allows remote attackers to log into other users' accounts by leveraging an OpenID identity from certain providers, as demonstrated by the Verisign, LiveJournal, and StackExchange providers.
Remediation
References
Related Vulnerabilities
phpMyFAQ Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-15735)
WordPress Plugin Comments Like Dislike Security Bypass (1.1.3)
Jenkins Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2015-7537)
WordPress Plugin YaySMTP-Simple WP SMTP Mail Information Disclosure (2.2)
WebLogic Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2020-5397)