Description

The OpenID module in Drupal 6.x before 6.36 and 7.x before 7.38 allows remote attackers to log into other users' accounts by leveraging an OpenID identity from certain providers, as demonstrated by the Verisign, LiveJournal, and StackExchange providers.

Remediation

References

CVE-2015-3234

Related Vulnerabilities

WordPress Plugin DukaPress TimThumb Arbitrary File Upload (2.3.2)

Liferay Portal Incorrect Default Permissions Vulnerability (CVE-2021-33334)

WordPress Plugin WP Custom Admin Interface PHP Object Injection (7.28)

Oracle JRE CVE-2019-2945 Vulnerability (CVE-2019-2945)

Oracle Database Server CVE-2019-2776 Vulnerability (CVE-2019-2776)

Severity

Medium

Classification

CVE-2015-3234 CWE-20

Tags

Missing Update Known Vulnerabilities